The U.S. Department of Health and Human Services Office of Civil Rights entered into a $65,000 settlement agreement with an ambulance company after a laptop fell of the back bumper of an ambulance. The company reported the breach to OCR. The computer contained health information of 500 individuals and was not encrypted.
The investigation found failures of the company to conduct a risk analysis, failure to have security policies and procedures and failure to provide security training. The settlement agreement included a requirement for a two-year corrective action plan. The company will have to implement encryption software on all computers, follow a risk management and implement HIPAA policies and procedures.
A copy of the release from HHS may be accessed by clicking here.