OCR fines Children’s Medical Center of Dallas $3.2 million for lack of encryption

Children’s Medical Center of Dallas has been fined $3.2 million by the U.S. Department of Health and Human Services for noncompliance with HIPAA regulations and for disclosing unsecured electronic Protected Health Information (ePHI) during two data breaches. The breaches were caused by a lack of encryption on devices and failure to report the incidents. Despite warnings as far back as 2007, the hospital continued to use unencrypted devices until 2013. The fine serves as a reminder of the importance of implementing adequate security measures to protect health information.