Mass. Hospital Settles HIPAA Violation

The theft of a laptop at Lahey Hospital disclosed 599 patients’ information.

Lahey Hospital and Medical Center in Massachusetts will pay $850,000 as part of an HIPAA settlement with the Office for Civil Rights.

Lahey will also adopt a “corrective action plan” to further its HIPAA compliance and provide a risk analysis to the OCR as part of the agreement, according to

The HIPAA violation was first reported by Lahey in 2011 when a laptop connected to a CT scanner was stolen from an unlocked treatment room. The laptop operated the scanner and produced images of scans, so its hard drive held protected health information.

OCR’s subsequent investigation found several problems with the healthcare facility’s HIPAA compliance, including a failure to conduct a risk analysis of its ePHI and to physically safeguard the workstation containing it; a failure to implement policies to safeguard ePHI kept on workstations connected to laboratory equipment; a failure to identify and track user identity on the workstations; and the theft of 599 patients’ PHI.

RELATED: Ind. Physician Practice Reaches HIPAA Settlement

Lahey is a nonprofit teaching hospital providing primary and specialty care in Burlington, Massachusetts.

The entire resolution agreement and corrective action plan can be found here.

Read More Articles Like This… With A FREE Subscription

Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!

Get your free subscription today!

Get Our Newsletters
Campus Safety HQ