With less than two days left in 2019, the Department of Health and Human Services’ Office for Civil Rights announced that a small, rural Georgia ambulance provider agreed to pay $65,000 to settle claims of multiple HIPAA Security Rule violations. The ambulance company filed a breach report in 2013 reporting that an unencrypted laptop containing the information of exactly 500 patients fell off the bumper of an ambulance and was not recovered. This report triggered an investigation, which revealed that the ambulance company had not performed a risk analysis, did not have a security training program and failed to implement Security Rule policies or procedures. Read the Resolution Agreement here.
