Dermatology practice first to be hit with HITECH breach penalty

Concord, Mass.-based Adult & Pediatric Dermatology, P.C. last week agreed to pay a settlement of $150,000 with the U.S. Department of Health & Human Services Office for Civil Rights in lieu of privacy violations stemming from a September 2011 thumb drive theft. According to HHS, the case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

The thumb drive, which was stolen from an employee's vehicle, contained electronic protected health information for 2,200 individuals, according to HHS.

"As we say in healthcare, an ounce of prevention is worth a pound of cure," OCR Director Leon Rodriguez said in a statement. "That is what a good risk management process is all about--identifying and mitigating the risk before a bad thing happens. Covered entities of all sizes need to give priority to securing electronic protected health information." Announcement

Suggested Articles

The COVID-19 pandemic is driving enormous demand for virtual mental health care services. Here is how much utilization has increased during COVID-19.

Ambulatory EHR provider NextGen Healthcare saw its quarterly revenue grew 4% to $140 million and earnings topped Wall Street projections.

Blue Cross NC is launching two new digital programs targeting smoking cessation and Type 2 diabetes management next month at no cost to members.