A local dentist recently had her server stolen from her office in Emeryville, California. Against our advice, the doctor had decided not to protect the server with the encryption software we had asked her to let us install. This security software encrypts the entire server as soon as anyone unplugs it from the electrical outlet and will not give anyone access to any patient data. This doctor’s action resulted in a major breach incident and an inspection by the Office of Civil Rights. The case against this dentist is still pending the final violations and penalties report.
Potential penalties are estimated at over $150,000 for this major breach (over 500 patients compromised).
Important Takeaways:
A. Please don’t wait until something like this happens to you before you implement a comprehensive HIPAA program and purchase at least $500,000 worth of cybersecurity insurance.
B. Make sure you have all the following HIPAA compliance tasks completed:
- Technical, administrative, and physical risk assessment by an IT expert
- Written gap analysis report
- Written remediation report
- Site-specific HIPAA policies and procedures (475 pages)
- Two-hour HIPAA training