Hospital hit with $100K HIPAA bill

Beth Israel Deaconess Medical Center in Boston will pay $100,000 to the state of Massachusetts after a physician failed to follow the hospital’s laptop encryption policy and an unencrypted laptop containing the health information of around 4,000 patients was stolen. The hospital did not notify patients of the breach until three months later, in violation of HIPAA regulations. The settlement includes a $70,000 civil penalty, $15,000 in attorney fees, and a $15,000 payment to educational programs related to protecting personal health information.