Well, it looks like the HIPAA Enforcement Boys and Girls are getting serious. Mass Eye and Ear and Harvard Medical School were hit with a $1.5 million fine, all stemming from the loss of one unencrypted laptop. The laptop was stolen or lost by a physician.
The problem, according to reports, is that after they reported the loss of information, the HHS OCR came in and found them non-compliant in six areas and not in compliance with the HIPAA Security Rule.
(In my humble opinion, about 80 percent of hospitals are run this way.)
Along with the fine, they will need to spend money addressing all the issues and have an independent monitor submit semi-annual reports to HHS.
So every time I speak to a health care CIO who says they are planning to do a risk analysis and policy review but are just too busy virtualizing the server infrastructure, I say: Beware!
Link to HHS Press Release