Stolen Laptop Leads to $2.5 Million HIPAA Breach Penalty

Malvern, Penn.-based CardioNet, Inc., essentially had no process at all for securely managing electronic protected health information of patients it was hired to monitor, at the time two breaches occurred in early 2012.

Aldrin Brown, Editor-in-Chief

April 25, 2017

2 Min Read
Stolen Laptop Leads to 25 Million HIPAA Breach Penalty

The theft of a laptop computer containing information of nearly 1,400 patients was among two HIPAA breaches that led a Pennsylvania provider of remote heart monitoring to pay $2.5 million, federal authorities said this week.

Malvern-based CardioNet, Inc., essentially had no process at all for securely managing electronic protected health information (ePHI) of the patients it was hired to monitor, at the time the breaches occurred in early 2012, according to investigators from the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR).

CardioNet – a covered entity – was found to have insufficient risk analysis and risk management processes, in violation of the security and privacy rules of the Health Insurance Portability and Accountability Act (HIPAA).

“CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented,” OCR officials said in a statement. “Further, the Pennsylvania–based organization was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.”

On its website, CardioNet is described as the world’s leading supplier of mobile cardiac outpatient telemetry.

“CardioNet provides the next-generation ambulatory cardiac monitoring service with beat-to-beat, real time analysis, automatic arrhythmia detection and wireless ECG transmission,” the website says. “CardioNet prides itself with helping clinicians prevent morbidity, mortality and disability with rapid diagnosis and treatment of patients with cardiovascular disease.”

The first reported breach occurred on Jan. 10, 2012, when a laptop containing the ePHI of 1,391 people was stolen from a car parked outside of a CardioNet employee’s home.

“Mobile devices in the health care sector remain particularly vulnerable to theft and loss,” OCR director Roger Severino said in a statement.

“Failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk,” the statement continued. “This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.”

OCR did not provide details of the second – larger – breach, which occurred on Feb. 27, 2012, and compromised the ePHI of 2,219 individuals.

An email sent to the OCR press office was not immediately returned.

CardioNet’s settlement brings the amount of HIPAA breach payments collected by OCR thus far this year to $14.3 million.

Last year, the agency collected a record $23.5 million, up from $6.2 million in all of 2015.

 

Send tips and news to [email protected].

Read more about:

AgentsMSPsVARs/SIs

About the Author

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.

 

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like