A biomedical research institute has agreed to pay a $3.9 million settlement to the federal government after an investigation determined that a stolen laptop contained the electronic protected health information of approximately 13,000 patients
NOTE: the data was not hacked it was exposed when a laptop was stolen. There is no evidence presented that the data was used in a malicious fashion or that anyone was harmed by identity theft.
The fine amounts to $300 for each of the 13,000 records that were lost.
If you lost a laptop or a thumb-drive with your 3000 dental patient records on it then an equivalent fine would be $900,000. Your liability insurance will not cover this fine. Could you stay in business if you were required to pay almost a million dollars out of pocket?
The only way to protect yourself is to ensure that all patient data stored anywhere is stored in an encrypted fashion.
To get started with a free HIPAA audit check out PCIHIPAA.