Data breach fine proves companies of all sizes need to take precautions
Disaster recovery planning is not restricted to larger companies. It’s an aspect of risk management that organizations of all sizes need to institute when preparing themselves for numerous situations. With technology becoming more prevalent in the daily operations of companies in many industries, it is crucial for a business to ensure that it has the necessary precautions in place to prevent a data breach.
As reported by American Medical News, the Department of Health and Human Services (HHS) has reached a settlement over a data breach that affected fewer than 500 people. In 2010, the Hospice of North Idaho experienced a security issue when a laptop was stolen. It contained unencrypted health data on 441 patients.
An agreement was finally reached after a long investigation in which HHS found that the practice never conducted a risk assessment to safeguard patient data, which is a requirement under the Health Insurance Portability and Accountability Act (HIPAA). The medical facility will pay $50,000 in fines to HHS.
“This action sends a strong message to the healthcare industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information,” Office for Civil Rights Director Leon Rodriguez said in a statement.
Brenda Wild, board president of Hospice of North Idaho, told American Medical News that while the initial theft of the laptop was out of their hands, the organization has since taken measures to better ensure the safety and security of patients’ data.
Healthcare organizations can be severely impacted by data breaches. Not only do they face heavy fines, they can also lose patients, as individuals want to be assured that their personal data is secure. Facilities would greatly benefit from partnering with disaster recovery consulting firms to ensure that thorough risk management is conducted and accounts for data security.