Medical firm settles with HHS over stolen laptopReprints
A medical device firm has agreed to pay a $2.5 million settlement in connection with a laptop stolen in 2012, said the U.S. Department of Health and Human Services’ Office for Civil Rights.
The laptop was stolen from a parked vehicle outside the home of an employee of Malvern, Pennsylvania-based Biotelemetry Inc., which was then known as CardioNet Inc., in January 2012, according to Monday’s statement by the Office of Civil Rights.
Biotelemetry is a wireless technology medical firm. The civil rights office said the settlement is the first involving a wireless health services provider.
The laptop contained the health information of 1,391 individuals, and the civil rights office’s investigation revealed it had an “insufficient risk analysis and risk management processes in place” at the time of the theft, among other findings, it said.
“Mobile devices in the health care sector remain particularly vulnerable to theft and loss,” Roger Severino, director of the civil rights office, said in the statement. “Failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk. This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.”
A Biotelemetry spokesman could not immediately be reached for comment.
Earlier this year, The Children’s Medical Center of Dallas paid a $3.2 million fine in connection with the loss of a BlackBerry device in 2009 and the theft of a laptop in 2013 that, combined, contained unencrypted data for more than 6,000 individuals, according to the civil rights office.