Information Security News mailing list archives

Oncology group slapped with $750K HIPAA fine


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 4 Sep 2015 09:15:56 +0000 (UTC)

http://www.healthcareitnews.com/news/oncology-group-slapped-750k-hipaa-fine

By Erin McCann
Managing Editor
Healthcare IT News
September 2, 2015

Healthcare security folks, listen up: Failing to encrypt portable devices and laptops containing patient data could result in a serious HIPAA fine, as one Indiana-based health group can now attest to.

Cancer Care Group, a large radiation oncology practice in Indianapolis, is reevaluating its privacy and security practices after it was slapped with a $750,000 HIPAA settlement from the Department of Health and Human Services. It agreed to pay the sum to settle alleged HIPAA violations involving a breach that occurred three years ago.

Back in August 2012, Cancer Care reported a HIPAA security breach to the Office for Civil Rights, after an unencrypted server backup media and laptop was stolen from an employee's car. Officials discovered the device contained the protected health information, Social Security numbers and insurance data for some 55,000 patients.

Following an investigation launched by the Office for Civil Rights, the HHS division responsible for investigating HIPAA compliance, it was discovered that even before the breach Cancer Care was in "widespread non-compliance with the HIPAA Security Rule," HHS said in a Sept. 2 statement.

[...]


