Failure to Encrypt Leads to $4.3 Million in HIPAA Civil Money Penalties | Practical Law
An administrative law judge (ALJ) has upheld an assessment by the Department of Health and Human Services (HHS) of $4.3 million in civil money penalties against a health provider and covered entity under the Health Insurance Portability and Accountability Act (HIPAA). HHS's investigation of the provider began after the covered entity submitted breach reports involving the theft or loss of unencrypted devices containing individuals' electronic protected health information (ePHI).