Mass. Hospital Settles HIPAA Violation
The theft of a laptop at Lahey Hospital disclosed 599 patients’ information.
Lahey Hospital and Medical Center in Massachusetts will pay $850,000 as part of an HIPAA settlement with the Office for Civil Rights.
Lahey will also adopt a “corrective action plan” to further its HIPAA compliance and provide a risk analysis to the OCR as part of the agreement, according to hhs.gov.
The HIPAA violation was first reported by Lahey in 2011 when a laptop connected to a CT scanner was stolen from an unlocked treatment room. The laptop operated the scanner and produced images of scans, so its hard drive held protected health information.
OCR’s subsequent investigation found several problems with the healthcare facility’s HIPAA compliance, including a failure to conduct a risk analysis of its ePHI and to physically safeguard the workstation containing it; a failure to implement policies to safeguard ePHI kept on workstations connected to laboratory equipment; a failure to identify and track user identity on the workstations; and the theft of 599 patients’ PHI.
RELATED: Ind. Physician Practice Reaches HIPAA Settlement
Lahey is a nonprofit teaching hospital providing primary and specialty care in Burlington, Massachusetts.
The entire resolution agreement and corrective action plan can be found here.
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!
