What Do You Think?:
Could 'Willful Neglect'Violations Apply To Stolen Laptop?
Published on Fri Feb 04, 2011
It could happen, says HIPAA expert. Willful neglect violations can lead to some humongous fines. And one of a home care provider's biggest vulnerabilities may be portable devices containing unsecured protected health information (PHI), say experts (see related article, this page). The Department of Health and Human Services "hasn't formally made a determination that a lost or stolen laptop [or other device containing unencrypted PHI posing a significant risk of harm to an individual] represents willful neglect," observes consultant Abner Weintraub in Orlando, Fla. "If HHS made such a finding, it would likely be that not encrypting the data would constitute the 'willful neglect.'" That could happen considering that the Health Insurance Portability and Accountability Act "is a reasonableness standard," Weintraub says. "Covered entities are supposed to take reasonable precautions against reasonably anticipated risks." And that includes the potential for what have been widely reported thefts of laptops containing unencrypted [...]