Slashdot Mirror


Loss of a Single Laptop Leads to $50k Fine Against Idaho Hospice

netbuzz writes "Losing a single laptop containing sensitive personal information about 441 patients will cost a non-profit Idaho hospice center $50,000, marking the first such HIPAA-related penalty involving fewer than 500 data-breach victims. Yes, the data was not encrypted. 'This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information,' says the Department of Health and Human Services."

5 of 188 comments

  1. This is why God invented encryption by kriston · Score: 4, Insightful

    This is why God invented encryption.

    --

    Kriston

  2. Being non-profit does not justify being incompetent by gweihir · Score: 4, Insightful

    Yes, it is tragic, but effective encryption is free (TrueCrypt, e.g.) and a non-profit still does not have any business being incompetent.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  3. Government penalizers doing... by Anonymous Coward · Score: 5, Insightful

    ...what govt penalizers do best: pick on those least capable of defending themselves... in other words go after the low hanging fruit and don't bother with the really hard stuff like rich, for-profit hospitals and clinics that routinely violate HIPAA... because those have armies of high-dollar lawyers who'll make life hard on the govt if they attempt to go after them.

  4. Re:It works! by Alwin Henseler · Score: 4, Insightful

    No it doesn't. For starters: such a fine is a good thing, but it should be payable to the victims of the data breach (as in: the people whose sensitive data was dumped on the street). One way or another, they suffer damage from a data breach, they should be compensated.

    Secondly, it won't prevent further breaches like they happen so often these days. Maybe if fines are stiff enough, and handed out often enough, over time it will produce an effect. I wouldn't hold my breath though. When it comes to keeping data private, a new idiot is born every day. Sometimes an idiot in charge, but that's not always necessary.

  5. Re:It works! by Enry · Score: 4, Insightful

    Yes, and the next time some Hospice official thinks about not encrypting their data, they're going to remember this event and think better of it.

    HIPAA violations are serious. People have likely lost their jobs over this. Even though I'm not in a position to routinely work with patient data, my employer requires that my laptop is encrypted - in the case of my Linux laptop I was able to convince them that using encrypted LVM was sufficient.