Health IT, Devices & Diagnostics

Mobile cardiac monitoring business agrees to pay $2.5M fine over HIPAA violations

The fine will hopefully serve as a useful reminder for healthcare companies to have a protocol in place for ensuring HIPAA compliance.

A mobile cardiac monitoring company was slapped with a $2.5 million fine over HIPAA violations by the Department of Health and Human Services, according to a government statement. The fine was prompted not only by a stolen laptop with unencrypted data on it but also by poor risk management practices.

The agreement is not an admission of guilt, a detailed version of the statement said.

The violation dates back to 2012, before CardioNet changed its name to BioTelemetry. A CardioNet staffer’s laptop was stolen from their car parked outside their home, according to the company’s report to the HHS Office for Civil Rights. The laptop included the personal health information of 1,391 individuals. OCR’s subsequent investigation revealed that, at the time of the theft, CardioNet’s risk analysis and risk management processes fell short of what’s acceptable.

Additionally, CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented. It didn’t produce any final policies or procedures regarding the implementation of safeguards for digital personal health information, including for mobile devices.

“Mobile devices in the health care sector remain particularly vulnerable to theft and loss,” said Roger Severino, OCR Director, in the statement. “Failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk. This disregard for security can result in a serious breach, which affects each individual whose information is left unprotected.”

The company seems to have moved on since the security lapse. In addition to the name change, BioTelemetry is consolidating its position in the cardiac mobile monitoring category with the acquisition of Switzerland-based LifeWatch in a $257 million deal.

Photo: Danil Melekhin, Getty Images