Lahey pays $850K for ‘widespread’ HIPAA non-compliance

Lahey Hospital and Medical Center will pay $850,000 to settle potential HIPAA violations related to lax security. The hospital failed to conduct a risk analysis of its electronic protected health information, safeguard workstations that accessed patient data, and maintain policies related to data security. The violations were uncovered after the hospital reported a stolen laptop containing the protected health information of 599 patients. Lahey will be required to adopt a corrective action plan to address the deficiencies.