[ISN] Oncology group slapped with $750K HIPAA fine

http://www.healthcareitnews.com/news/oncology-group-slapped-750k-hipaa-fine By Erin McCann Managing Editor Healthcare IT News September 2, 2015 Healthcare security folks, listen up: Failing to encrypt portable devices and laptops containing patient data could result in a serious HIPAA fine, as one Indiana-based health group can now attest to. Cancer Care Group, a large radiation oncology practice in Indianapolis, is reevaluating its privacy and security practices after it was slapped with a $750,000 HIPAA settlement from the Department of Health and Human Services. It agreed to pay the sum to settle alleged HIPAA violations involving a breach that occurred three years ago. Back in August 2012, Cancer Care reported a HIPAA security breach to the the Office for Civil Rights, after an unencrypted server backup media and laptop was stolen from an employee’s car. Officials discovered the device contained the protected health information, Social Security numbers and insurance data for some 55,000 patients. Following an investigation launched by the Office for Civil Rights, the HHS division responsible for investigating HIPAA compliance, it was discovered that even before the breach Cancer Care was in “widespread non-compliance with the HIPAA Security Rule,” HHS said in a Sept. 2 statement. […]