Stolen Laptops lead to $$ HIPAA Settlements

Stolen Laptops lead to $$ HIPAA Settlements

Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

After receiving a breach report of a stolen laptop from Concentra Health Services, an OCR investigation determined that multiple risk analyses had identified un-encrypted laptops as a critical risk but the company had failed to consistently secure devices.

The second company, QCA Health Plan, reported a laptop stolen from an employee’s car, and an investigation by the OCR revealed that they had failed to comply with multiple requirements of the HIPAA Privacy and Security Rules.

The Resolution Agreements can be found on the OCR website at:

Encryption for laptops has significantly matured and can be implemented readily on desktops and laptops:

On the Mac:  FileVault2 –

On the PC: BitLocker –

Contact Double-Helix to learn more about best practices for transparent encryption of your company laptops.

Having a consistent process of implementing encryption across your devices will prevent your organization from having to report a breach if a laptop is lost or stolen.

Leave a Reply

You must be logged in to post a comment.