Device Manufacturer Will Pay $2.5M to Settle Potential HIPAA Noncompliance | Healthcare Informatics Magazine | Health IT | Information Technology

April 24, 2017
by Heather Landi

CardioNet, a Malvern, Pa.-based device manufacturer and a subsidiary of BioTelemetry, has agreed to pay $2.5 million in a settlement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) due to potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

According to a press release from HHS, the potential HIPAA noncompliance stems from the impermissible disclosure of unsecured electronic protected health information (ePHI) following the theft of an employee’s laptop. As part of the resolution agreement, CardioNet also agreed to implement a corrective action plan. The settlement is the first involving a wireless health services provider, according to HHS, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias.

The HHS report states that in January 2012, CardioNet reported to HHS’ OCR that a workforce member’s laptop was stolen from a parked vehicle outside of the employee’s home. The laptop contained the ePHI of 1,391 individuals. OCR’s investigation into the impermissible disclosure revealed that CardioNet had “an insufficient risk analysis and risk management processes in place at the time of the theft,” HHS stated. Additionally, “CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented.” Further, the company was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices, according to HHS.
