Arizona Counseling and Treatment Services Center reported a HIPAA breach of information relating to more than 500 patients. A company laptop containing personal health information (PHI) was stolen from an employee’s home in late March.
The laptop contained patient names, dates of birth and clinical treatment data. While the laptop was fitted with a tracking device, the information was not held in an encrypted format. For this reason, the electronic PHI was considered breached and notification was required to be made to affected individuals.
The Office of Civil Rights has reported 65,000 HIPAA breaches since 2009, resulting in an estimated $50 million of enforcement penalties.