First Penalty for Data Breach of Under 500 Records

The Department of Health and Human Services Office for Civil Rights reached its first settlement for a breach involving data regarding less than 500 individuals. The Hospice of North Idaho will pay a $50,000 penalty to resolve allegations that it violated the HIPAA Security Rule when an unencrypted laptop was stolen with information on 441 patients. The settlement agreement is here. The penalty does not include the related investigation, PR, legal or notification costs.

As a reminder health care providers are required to report loss of identifiable patient information to HHS.

Elder Care providers are being pressed with increasing financial risk at a time when margins are being squeezed ever tighter. Contact us to discuss ways to broaden your current insurance coverage to address growing concerns like the costs of patient confidentially and employment related allegations. We have the expertise and market connections to drive cost savings over your current program while updating coverage ahead of changes in regulation and litigation.