Ind. Physician Practice Reaches HIPAA Settlement

A private physician practice operating in Indiana has reached a $750,000 settlement with the Department of Human Health and Services after it was found not to be in compliance with a security rule.

Cancer Care Group, P.C. agreed to the settlement after a breach of protected health information (PHI) when an employee’s laptop was stolen from his car on August 29, 2012. The computer had unencrypted backup media containing the names, addresses, dates of birth, Social Security numbers, insurance information and clinical information of roughly 55,000 current and former patients.

The security breach prompted an investigation by the Office for Civil Rights, which found numerous violations of the Health Insurance Portability and Accountability Act’s Security Rule. The two most damning findings included that the company had not recently conducted a risk analysis and the company did not have a written policy in place addressing the removal of PHI from its facilities.

The settlement includes an agreement for Cancer Care Group, which specializes in radiation oncology, to “adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program” according to an HHS press release.

The press release also included the case’s resolution agreement and guidance on conducting an HIPAA risk analysis.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

UT and Texas Governor Face Criticism for Their Handling of Pro-Palestine Protesters

Know the Total Cost of Owning a Security System

An Updated List of States That Allow Campus Carry

9 Ways to Prove Sexual Assault Without Physical Evidence