West Georgia Ambulance, Inc. (West Georgia), has agreed to pay $65,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. West Georgia is an ambulance company that provides emergency and non-emergency ambulance services in Carroll County, Georgia.
OCR began its investigation after West Georgia filed a breach report in 2013 concerning the loss of an unencrypted laptop containing the protected health information (PHI) of 500 individuals. OCR’s investigation uncovered long-standing noncompliance with the HIPAA Rules, including failures to conduct a risk analysis, provide a security awareness and training program, and implement HIPAA Security Rule policies and procedures. Despite OCR’s investigation and technical assistance, West Georgia did not take meaningful steps to address their systemic failures.
“The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information,” said OCR Director Roger Severino. “All providers, large and small, need to take their HIPAA obligations seriously.”
COMPLIANCE WITH THE HIPAA SECURITY RULE IS KEY TO AVOIDING THE LOSS OF REVENUE THAT WOULD COME FROM AN INCIDENT LIKE THIS ONE. THERE WAS NO DATA BREACH, NO ELABORATE PHISHING SCHEME. JUST USER ERROR AND NONCOMPLIANCE.
IF YOU’RE IN NEED OF A QUICK AND EASY WAY TO STAY HIPAA COMPLIANT, CHECK OUT OUR HIPAA SECURE NOW! SECURITY SERVICE AND CONTACT US TODAY.
Article sourced from databreaches.net