Ind. Physician Practice Reaches HIPAA Settlement
The Cancer Care Group has made a ‘corrective action plan’ to improve its HIPAA compliance.
A private physician practice operating in Indiana has reached a $750,000 settlement with the Department of Human Health and Services after it was found not to be in compliance with a security rule.
Cancer Care Group, P.C. agreed to the settlement after a breach of protected health information (PHI) when an employee’s laptop was stolen from his car on August 29, 2012. The computer had unencrypted backup media containing the names, addresses, dates of birth, Social Security numbers, insurance information and clinical information of roughly 55,000 current and former patients.
The security breach prompted an investigation by the Office for Civil Rights, which found numerous violations of the Health Insurance Portability and Accountability Act’s Security Rule. The two most damning findings included that the company had not recently conducted a risk analysis and the company did not have a written policy in place addressing the removal of PHI from its facilities.
The settlement includes an agreement for Cancer Care Group, which specializes in radiation oncology, to “adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program” according to an HHS press release.
Read More Articles Like This… With A FREE Subscription
Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!