Massachusetts Attorney General Martha Coakley recently entered into a Consent Judgment with Beth Israel Deaconess Medical Center, Inc., related to a data breach that affected nearly 4,000 patients and employees.
“The healthcare industry’s increased reliance on technology makes it more important than ever that providers ensure patients’ personal information and protected health information is secure,” Coakley said. “To prevent breaches like this from happening, hospitals must put in place and enforce reasonable technological and physical security measures.”
The complaint alleges that in May 2012, an unauthorized person gained access to an unlocked office in the hospital and stole an unencrypted laptop computer with patient and employee health information. Information put at risk by the data breach included names, Social Security numbers, and medical information, according to the Massachusetts A.G.’s office.
Under the terms of its consent judgment, the hospital agreed to pay $100,000, including a $70,000 civil penalty, $15,000 for attorneys’ fees and costs, and a payment of $15,000 to a fund administered by the A.G.’s Office for educational programs concerning the protection of personal information and protected health information. Additionally, the hospital agreed to audit overall security measures and to secure, encrypt, and track laptops containing personal and protected health information.
The Attorney General’s action is not the first in recent memory against a health care entity for failing to properly abide by state and federal data privacy requirements. Recent efforts include “a 2012 settlement with South Shore Hospital for $750,000, a 2013 settlement with medical billing company Goldthwait Associates and its client pathology groups, and a $150,000 settlement with Women and Infants Hospital of Rhode Island in July 2014.”
You can follow the Consumer Financial Services Law Monitor for updates on this and other related news topics.