From the ADA News:
Concord, Mass.—A dermatology practice will pay the federal government $150,000 to settle potential violations of the Health Insurance Portability and Accountability Act…
OCR began investigating APDerm after receiving a report that an unencrypted thumb drive containing the electronic protected health information of about 2,200 people was stolen from a staff member’s car.
This is the first settlement from a medical/dental office based on the finding that the practice did not have policies and procedures in place. The hefty fine is just part of the settlement the practice also needs to implement corrective action and report to the OCR (office of Civil Rights).
The breach was the theft of a thumb drive from a staff member’s car. There is no report that any patients were in fact harmed but the office has been fined never the less.