
Stolen laptops continue to result in huge HIPAA fines


As we've previously covered, public data shows that each single stolen laptop costs an average of $881,305 in HIPAA fines. With last week's enormous new HIPAA fine handed out by the Office for Civil Rights (OCR), however, that average is going up.

In this latest settlement case, Feinstein Institute for Medical Research agreed to pay the U.S. Department of Health and Human Services' Office for Civil Rights $3.9 million to settle HIPAA Privacy and Security Rule violations. OCR's investigation began after Feinstein filed a breach report indicating that in early September 2012, a laptop computer containing the electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee's car. The ePHI stored on the laptop included the names of research participants, dates of birth, addresses, social security numbers, diagnoses, lab results, medications, and medical information relating to a research study.

Further investigation revealed that Feinstein's security management process insufficiently addressed potential risks and vulnerabilities to the confidentiality, integrity, and availability of the ePHI it held. In addition, Feinstein lacked policies and procedures for authorizing workforce members' access to ePHI, failed to implement safeguards restricting access by unauthorized users, and lacked policies and procedures governing the receipt and removal of laptops containing ePHI into and out of its facilities.

"Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities," said OCR Director Jocelyn Samuels.

About Feinstein Institute for Medical Research

The Feinstein Institute for Medical Research is the research branch of the Northwell Health enterprise and is headquartered in Manhasset, NY. The Institute is composed of more than 1,500 clinicians, scientists and staff who work in laboratories and clinical research programs in collaboration with clinicians and patients throughout the many facilities of Northwell Health. According to the press release, the organization agreed to undertake a substantial corrective action plan to bring its operations into compliance.

See Related: HIPAA Fines caused by Stolen Laptops

See Related: HIPAA Violations Outpace Oil, Congress and Dow Jones

See Related: HIPAA Compliant Email
