
Seattle health system will pay $100K HIPAA fine

A Seattle-based health system has agreed to pay a $100,000 HIPAA fine--as well as improve its medical data security--after failing to properly secure data backup tapes, disks and laptops. During 2005 and 2006, medical data was stolen from Providence Health & Services several times, with backup tapes and laptops being lost or stolen repeatedly. In light of these incidents, the health system will now revise its policy on transporting patient records outside of company buildings, and it will improve employee training. It will also undergo security monitoring by the feds, and turn in reports on data security measures for three years.

The fine that Providence will pay is fairly unusual, as very few HIPAA fines have been imposed to date. However, its security issues are also unique. While many health organizations have lost a single laptop or backup tape to theft or disorganization in recent years, I haven't encountered any that have actually had to report multiple losses. That might explain why federal monitors took a particular interest in this organization's troubles.

To learn more about the HIPAA settlement:
- read this Seattle Post-Intelligencer piece


Comments

As a Seattle patient who had his identity stolen, was forced to leave the hospital on life support to catch the criminal, and had to push through the first HIPAA conviction in the country, I am happy to see that the medical centers that did not learn from my story and tighten things up are being held to a higher standard. They have no idea how much risk they are putting their patients in with their lax procedures of protecting patient data.
Eric Drew
