Office for Civil Rights announces $3.2 million penalty
February 15, 2017
— The U.S. Department of Health and Human Services Office for Civil Rights said Feb. 1 that it had finalized a $3.2 million civil money penalty against the Children's Medical Center of Dallas following multiple alleged Health Insurance Portability and Accountability Act violations between 2009-13.
On Jan. 18, 2010, Children's filed a breach report with OCR "indicating the loss of an unencrypted, non-password protected BlackBerry device" that contained the electronic personal health information of approximately 3,800 individuals. On July 5, 2013, Children's filed a separate HIPAA Breach Notification Report "reporting the theft of an unencrypted laptop" containing the electronic personal health information of 2,462 individuals.
its investigation revealed "Children's noncompliance with HIPAA Rules, specifically, a failure to implement risk management plans, contrary to prior external recommendations to do so, and a failure to deploy encryption or an equivalent alternative measure on all of its laptops, work stations, mobile devices and removable storage media until April 9, 2013."
Information about OCR's enforcement process, and other incidents that OCR has investigated, is available on the HHS website here
ADA HIPAA resources can be found online in the Center for Professional Success
or the ADA Catalog