In our previous posts, we covered fines for HIPAA Privacy Act violations for stolen laptops and stolen thumb drives. In most cases, the laptops and thumb drives were stolen from a car, and in all cases, the disk drives were not encrypted. To avoid costly HIPAA Privacy Act fines for stolen computers and thumb drives, you might think enforcing a policy to encrypt all computer equipment leaving the office would suffice. But if we look into HIPAA breach investigations by the US Department of Health and Human Services, we see this is not the case. As we’ll cover in this post, even a computer that never leaves your office can still be subject to a costly fine due to a HIPAA Privacy Act violation.
Last week, Google announced it would assign positive favor to websites that use secure connections, or HTTPS encryption by default. The positive favor, or what they call ranking signal, is a strong indication from Google that they value secure websites. In other words, Google wants to make sure that websites people access from it are secure. And we at Paubox couldn’t agree more.
2004 marked the first full year the Office for Civil Rights released data for HIPAA violations. Its data set included three categories: No Violation, Resolved After Intake and Review (No Fines), and Corrective Action Obtained (Fines). The focus of this post will be on the exponential growth of the Corrective Action Obtained category. From 2004-2013, the compounded annual growth rate of confirmed HIPAA Privacy Act violations was an astounding 12.88%.
When compared against almost any growth statistic during that timespan, there hasn’t been much that’s outpaced the explosive growth of HIPAA violations. In fact, we’ll compare it against three recent macro trends in America: domestic oil production, the disapproval rating of Congress and the Dow Jones Industrial Average.
In our last post, we discovered that since 2012, the average HIPAA fine for a stolen unencrypted laptop was an astounding $881,305.
In this post, we’ll take a look at two instances in which stolen thumb drives (USB drives) led to costly HIPAA fines. We’ll also discuss why a stolen thumb drive can incur such heavy penalties.
Since 2012, the U.S. Department of Health and Human Services (HHS) has issued large monetary fines for violations of the HIPAA Privacy Rule. Some of its biggest fines, in fact, have been due to stolen laptops. In several instances, a single stolen laptop led to fines in excess of $1,000,000.
In this post, we’ll explore four instances in which stolen laptops led to HIPAA fines. We’ll also discuss why a stolen laptop can incur such heavy penalties.