All About Cloud Hosting And Security

HIPAA Business Associate Lawsuit Filed

By in Compliance

As predicted, the litigation surrounding HIPAA/HITECH is heating up.  This time, a business associate has been sued by the Attorney General’s office of Minnesota.  The story is very typical.  The business associate left an unencrypted laptop in a rental car.  The laptop, which was loaded up with PHI, was stolen, endangering all data.

Laptop Computer Theft

Along with the loss of data comes business reputation damage and fines.  It’s a familiar problem that’s being repeated daily, among many prestigious institutions.  Check out this list of breaches and you’ll see this type of data loss is not exclusive to small organizations.  In fact, any organization that handles this type of sensitive data can suffer a similar fate.

Securing Laptops Does Not Have To Be Hard

These days, it’s not difficult to prevent a data breach like this from happening.  If you have mobile workers and they carry sensitive information you must use Compliant Mobile Security.  Ironically, the cost for this type of service is not that expensive.  For sure the small cost is much less than what a fine brings!  Add in the additional costs of litigation and damage to reputation and you’ll quickly understand why so many people are adopting complete compliance solutions BEFORE any trouble hits.  Right now the Federal court system is not going after business associates, but as this case illustrates, state attorney generals may be.

As David Harlow points out in the referenced article, it’s not just direct HIPAA action that organizations have to worry about.  In fact, they also must be concerned with ‘ancillary lawsuits’ that could be derived from their improper use of data.  Once the data has been exposed, a new set of issues arises.  Even though HIPAA doesn’t directly provide for third-party lawsuits, being sued by another entity in a private lawsuit in relation to the initial breach is very possible.  That’s just one more reason to cover your you-know-what by implementing enforced, automatic compliance.

We can expect a lot more legal action concerning HIPAA/HITECH going forward.  It’s time to protect your organization now!