The Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) agreed earlier this week to a $1.5 million settlement over a breach of patient protected health information (PHI), according to the U.S. Department of Health and Human Services (HHS).
Last February, the hospital reported the theft of an employee's laptop, which had unencrypted data on 3,621 patients and research subjects.
"In an age when health information is stored and transported on portable devices such as laptops, tablets and mobile phones, special attention must be paid to safeguarding the information held on these devices," OCR director Leon Rodriguez said in a statement. "This enforcement action emphasizes that compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom."
Additionally, a Kentucky-based hospital – The Cabinet for Health and Family Services – announced this week that an employee's email was hacked into through a phishing scam, which could possibly put up to 2,500 patients at risk of having their information exposed.
Healthcare IT News reported that within half an hour of the employee responding to the spam email, suspicious activity was reported and the email was deactivated. Rodney Murphy, executive director of the Office of Administrative and Technology Services, told the news source that it was more likely that the criminal wanted access to state government emails in order to send out spam, rather than to use patient information.
Medical facilities are not the only organizations that need to keep data security a top priority. In this increasingly digital age, companies from all industries would be well-advised to work with a business continuity consultant to ensure that employees are properly educated in the most recent security measures.