Ind. Physician Practice Reaches HIPAA Settlement

The Cancer Care Group has made a ‘corrective action plan’ to improve its HIPAA compliance.

A private physician practice operating in Indiana has reached a $750,000 settlement with the Department of Human Health and Services after it was found not to be in compliance with a security rule.

Cancer Care Group, P.C. agreed to the settlement after a breach of protected health information (PHI) when an employee’s laptop was stolen from his car on August 29, 2012. The computer had unencrypted backup media containing the names, addresses, dates of birth, Social Security numbers, insurance information and clinical information of roughly 55,000 current and former patients.

The security breach prompted an investigation by the Office for Civil Rights, which found numerous violations of the Health Insurance Portability and Accountability Act’s Security Rule. The two most damning findings included that the company had not recently conducted a risk analysis and the company did not have a written policy in place addressing the removal of PHI from its facilities.

The settlement includes an agreement for Cancer Care Group, which specializes in radiation oncology, to “adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program” according to an HHS press release.

The press release also included the case’s resolution agreement and guidance on conducting an HIPAA risk analysis.

Read More Articles Like This… With A FREE Subscription

Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!

Get your free subscription today!

Get Our Newsletters
Campus Safety HQ