Slashdot Mirror


Loss of a Single Laptop Leads to $50k Fine Against Idaho Hospice

netbuzz writes "Losing a single laptop containing sensitive personal information about 441 patients will cost a non-profit Idaho hospice center $50,000, marking the first such HIPAA-related penalty involving fewer than 500 data-breach victims. Yes, the data was not encrypted. 'This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information,' says the Department of Health and Human Services."

5 of 188 comments

  1. Re:This is why God invented encryption by Cryacin · Score: 3, Informative

    Ummmm, at least Christians would say you're idolizing the wrong J.C.

    http://voices.yahoo.com/basic-cryptology-caesars-encryption-method-5295779.html

    --
    Science advances one funeral at a time- Max Planck
  2. Re:It works! by icebike · Score: 3, Informative

    No it doesn't. For starters: such a fine is a good thing, but it should be payable to the victims of the data breach (as in: the people whose sensitive data was dumped on the street).

    You did read the article, right?

    Of course not.

    Nobody's data was abused. They didn't suffer any damages from the data breach.
    (You do know what a Hospice is, right? You understand that their clients could not possibly care less about a data breach?).

    Be that as it may, fines are NEVER payable to individuals. The government simply pockets the money.
    Nobody is taught any lessons, other than to raise their prices to pay for even more insurance.

    --
    Sig Battery depleted. Reverting to safe mode.
  3. Re:Being non-profit does not justify being incompet by Anonymous Coward · Score: 4, Informative

    Question; is there a difference between 'effective' encryption, and 'HIPAA Approved' encryption?

    Yes, HIPAA stipulates that it must be FIPS-accredited. AES-encrypted zip files are acceptable; the older standard of zip file encryption (whatever that was) isn't.

    What stops your medical records being 'encrypted' with ROT13?

    The above.

  4. Re:Being non-profit does not justify being incompet by Guido69 · Score: 4, Informative

    FIPS 140-2 to be more specific. There are plenty of free options.

    --
    - If we aren't supposed to eat animals, then why are they made out of meat? - Steven Wright
  5. Re:Government penalizers doing... by Anonymous Coward · Score: 2, Informative

    Banks, State Agencies, Military, Doctors and Clinics all over the country have data losses all the time, but
    nobody gets fined. Because they all have insurance and lawyers.

    Nobody gets fined? Are you kidding? Large organizations get fined all the time, often for amounts of money that aren't measured in "K". It is, by the way, the reason that said organizations have insurance. And lawyers. This one is making the news precisely because it's a small organization and a small data breach.