$2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk
April 18, 2017
Here is yet another OCR case involving a single stolen laptop which then led to further investigation by OCR and that investigation showed a lack of policies and procedures which may have prevented this event. The lack of policies has been at the root of all major settlements and the corrective action plans instituted by the OCR is going to be a very long and “painful” process for CardioNet. These incidents are the reason all covered entities and business associates must have a Security Risk Assessment and implement policies and procedures.