Slashdot Mirror


Loss of a Single Laptop Leads to $50k Fine Against Idaho Hospice

netbuzz writes "Losing a single laptop containing sensitive personal information about 441 patients will cost a non-profit Idaho hospice center $50,000, marking the first such HIPAA-related penalty involving fewer than 500 data-breach victims. Yes, the data was not encrypted. 'This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information,' says the Department of Health and Human Services."

2 of 188 comments

  1. Re:Being non-profit does not justify being incompet by Anonymous Coward · Score: 4, Informative

    Question: is there a difference between 'effective' encryption, and 'HIPAA Approved' encryption?

    Yes, HIPAA stipulates that it must be FIPS-accredited. AES-encrypted zip files are acceptable; the older standard of zip file encryption (whatever that was) isn't.

    What stops your medical records being 'encrypted' with ROT13?

    The above.

  2. Re:Being non-profit does not justify being incompet by Guido69 · Score: 4, Informative

    FIPS 140-2 to be more specific. There are plenty of free options.

    --
    - If we aren't supposed to eat animals, then why are they made out of meat? - Steven Wright
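
The first comment separates AES-encrypted zip files from the older zip encryption, and that difference is visible in an archive's headers. The following is an added example, not part of the thread or of any tool it mentions, that reports the scheme recorded for each entry. The function names are hypothetical and the sample archive is constructed inline with placeholder payloads.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                    # WinZip AE-x extra field header ID
AES_BITS = {1: 128, 2: 192, 3: 256}      # strength byte -> key size in bits

def classify_entry(info):
    """Return the encryption scheme recorded in one entry's headers."""
    if not info.flag_bits & 0x1:         # general-purpose bit 0 = encrypted
        return "none"
    extra, pos = info.extra, 0
    while pos + 4 <= len(extra):         # walk (id, size, data) extra records
        field_id, size = struct.unpack_from("<HH", extra, pos)
        if (field_id == AES_EXTRA_ID and size >= 7
                and pos + 4 + size <= len(extra) and info.compress_type == 99):
            strength = extra[pos + 8]    # follows version (2) and vendor "AE" (2)
            return "AES-%d" % AES_BITS[strength] if strength in AES_BITS else "AES (unknown strength)"
        pos += 4 + size
    return "legacy ZipCrypto"            # encrypted, but no AES extra field

def audit_zip(data):
    """Map each member name to the encryption scheme its headers declare."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify_entry(i) for i in zf.infolist()}

def build_sample():
    """Constructed archive: real headers, placeholder payload bytes."""
    aes = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    spec = [("plain.txt", 0, 0, b""), ("legacy.txt", 1, 8, b""), ("aes.txt", 1, 99, aes)]
    body, central = b"", b""
    for name, flags, method, extra in spec:
        n, size = name.encode(), 16
        # version needed, flags, method, time, date, crc, sizes, name/extra lengths
        common = (20, flags, method, 0, 0x21, 0, size, size, len(n), len(extra))
        central += struct.pack("<IH5H3I2H3H2I", 0x02014B50, 20, *common,
                               0, 0, 0, 0, len(body)) + n + extra
        body += struct.pack("<I5H3I2H", 0x04034B50, *common) + n + extra + b"\x00" * size
    eocd = struct.pack("<I4H2IH", 0x06054B50, 0, 0, len(spec), len(spec),
                       len(central), len(body), 0)
    return body + central + eocd

if __name__ == "__main__":
    for member, scheme in audit_zip(build_sample()).items():
        print(member, "->", scheme)
```

The result reflects only the scheme recorded in the archive headers. FIPS 140-2 validation applies to the cryptographic module that produced the archive, which this check cannot determine.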