In response to a 2012 data breach, Boston's Beth Israel Deaconess Medical Center will now pay $100,000 as the result of a recent court decision. The fine stems from an incident in which an unencrypted personal laptop went missing from a physician's office, putting nearly 3,800 individuals at risk of exposure. The Center was also slow to respond, taking roughly a month longer than HIPAA law allows to inform victims of the breach.
Despite the negative attention this has brought to Beth Israel, Chief Information Officer Dr. John Halamka has protested that the organization has improved recently and increased its security spending by millions of dollars since the incident, according to the Boston Business Journal. He described the struggle to protect medical information as a "cold war," since criminals are constantly escalating their means of attack.
"If HIPAA requires, as a CIO, I'm responsible for every bit of data, no matter where it lives, how do you ensure even things like a privately purchased laptop is encrypted?" he asked. "It's a combination of technology, encryption and policy. That was the big push from 2012 to the present, making sure everything is encrypted."
Earlier this month, another Boston hospital, Brigham and Women's, reported that a phone and laptop were stolen from the premises. In this case, the devices actually were encrypted, and the situation still resulted in HIPAA violations, making it the third breach for the organization overall.
Dr. Halamka asserts that encryption is the most important part of pre-breach prevention measures, but with the help of HIPAA compliance services, medical providers will learn more about the more complicated effort they will need to make in order to truly protect their data rather than simply following what they assume is required.