West Georgia Ambulance, Inc. (West Georgia) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into a $65,000 no-fault settlement agreement and two-year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
On February 11, 2013, West Georgia submitted a breach report to OCR describing a breach that occurred on December 13, 2012, when an unencrypted laptop fell off the back bumper of an ambulance. The laptop was not recovered, and West Georgia reported that exactly 500 individuals were affected by the breach.
OCR’s investigation into this incident revealed that West Georgia failed to:
1. Conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI;
2. Have a HIPAA security training program and provide security training to its employees; and
3. Implement Security Rule policies or procedures.
According to the settlement announcement, despite OCR’s investigation and technical assistance, West Georgia did not take meaningful steps to address its systemic failures.