Device Manufacturer Will Pay $2.5M to Settle Potential HIPAA Noncompliance

April 24, 2017
CardioNet, a Malvern, Pa.-based device manufacturer and a subsidiary of BioTelemtry, has agree to pay a $2.5 million settlement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) due to potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

CardioNet, a Malvern, Pa.-based device manufacturer and a subsidiary of BioTelemtry, has agree to pay a $2.5 million settlement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) due to potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

According to a press release from HHS, the potential HIPAA compliance stems from the impermissible disclosure of unsecured electronic protected health information (ePHI) following the theft of an employee’s laptop. As part of the resolution agreement, CardioNet also agreed to implement a corrective action plan. The settlement is the first involving a wireless health services provider, according to HHS, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias.

HHS report states that in January 2012, CardioNet reported to the HHS’ OCR that a workforce member’s laptop was stolen from a parked vehicle outside of the employee’s home. The laptop contained the ePHI of 1,391 individuals. OCR’s investigation into the impermissible disclosure revealed that CardioNet had “an insufficient risk analysis and risk management processes in place at the time of the theft,” HHS stated. Additionally, “CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented.” Further, the company was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices, according to HHS.

Sponsored Recommendations

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...

From Chaos to Clarity: How AI Is Making Sense of Clinical Documentation

From Chaos to Clarity dives deep into how AI Is making sense of disorganized patient data and turning it into evidence-based diagnosis suggestions that physicians can trust, leading...

Bridging the Health Plan/Provider Gap: Data-Driven Collaboration for a Value-Based Future

Download the findings report to understand the current perspective of provider and health plan leaders’ shift to value-based care—with a focus on the gaps holding them back and...

Exploring the future of healthcare with Advanced Practice Providers

Discover how Advanced Practice Providers are transforming healthcare: boosting efficiency, cutting wait times and enhancing patient care through strategic integration and digital...