The HHS Office for Civil Rights has fined Concord, Mass.-based Adult and Pediatric Dermatology $150,000 to resolve allegations of violations of the HIPAA privacy and security rules following the September 2011 theft of an unencrypted thumb drive from an employee’s vehicle.

The settlement fee accompanies a corrective action plan under which the provider agrees to develop a risk analysis and risk management plan to address vulnerabilities and to submit a report to OCR. The agency took the action after determining that the dermatology practice did not have policies and procedures to address provisions of the breach notification rule.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access