As mentioned on our Life Sciences Legal Update blog, two separate HIPAA settlements resulted from investigations by the Department of Health and Human Services, Office for Civil Rights (OCR) into two self-reported instances of unencrypted laptop theft from health care entities. In the first instance, OCR’s investigation found that the company had previously recognized a lack of encryption on its technology but had failed to fully address the issue before the breach occurred. In the second instance, OCR determined that the company had failed to comply with multiple requirements of the HIPAA Security Rule. Both instances resulted in settlements that included financial penalties as well as agreement to continued oversight by OCR through Corrective Action Plans.
To read the entire post, click here.