Dermatology practice first to be hit with HITECH breach penalty

Concord, Mass.-based Adult & Pediatric Dermatology, P.C. last week agreed to pay a settlement of $150,000 with the U.S. Department of Health & Human Services Office for Civil Rights in lieu of privacy violations stemming from a September 2011 thumb drive theft. According to HHS, the case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

The thumb drive, which was stolen from an employee's vehicle, contained electronic protected health information for 2,200 individuals, according to HHS.

"As we say in healthcare, an ounce of prevention is worth a pound of cure," OCR Director Leon Rodriguez said in a statement. "That is what a good risk management process is all about--identifying and mitigating the risk before a bad thing happens. Covered entities of all sizes need to give priority to securing electronic protected health information." Announcement

Suggested Articles

Nearly 10,000 patients involved in research studies were impacted by a third-party privacy breach that may have exposed their medical diagnoses, test results…

Veterans Health Administration medical facilities currently have a paper medical record backlog that if stacked up would be 5.15 miles high, according to the…

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.