Dermatology practice first to be hit with HITECH breach penalty

Concord, Mass.-based Adult & Pediatric Dermatology, P.C. last week agreed to pay a settlement of $150,000 with the U.S. Department of Health & Human Services Office for Civil Rights in lieu of privacy violations stemming from a September 2011 thumb drive theft. According to HHS, the case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

The thumb drive, which was stolen from an employee's vehicle, contained electronic protected health information for 2,200 individuals, according to HHS.

"As we say in healthcare, an ounce of prevention is worth a pound of cure," OCR Director Leon Rodriguez said in a statement. "That is what a good risk management process is all about--identifying and mitigating the risk before a bad thing happens. Covered entities of all sizes need to give priority to securing electronic protected health information." Announcement

Suggested Articles

Frustrated with their current EHR, Northwell Health physicians and IT leaders are working with Allscripts to build a better one.

Memorial Sloan Kettering Cancer Center has tapped former CVS Health and Aetna executive Claus Torp Jensen, Ph.D., as its first chief digital officer.

NYC Health + Hospitals plans to upgrade millions of imaging technologies across the health system as part of a $224 million deal with GE Healthcare.