Beth Israel Deaconess Medical Center in Boston has agreed to pay $100,000 to settle the Massachusetts Attorney General’s lawsuit over a 2012 data breach involving the theft of a physician’s unencrypted laptop. In addition to the financial penalty, the hospital will also have to revise its data security measures to ensure compliance with state and federal law. The consent agreement requires BIDMC to track and encrypt all hospital-purchased devices and to implement ActiveSync or other technology that prevents unencrypted smartphones and tablet devices from accessing personal information on the hospital’s email servers. BIDMC must also review its policies and procedures regarding portable device security and train employees on how to handle personal and protected health information.
© Copyright 2014 Steptoe & Johnson LLP.
How can you avoid a similar risk at your organisation?
i) Establish your current position against the applicable legislation.
ii) Determine realistic goals for reaching the recommended position in terms of data protection.
iii) Implement the appropriate deliverables, including but not limited to a Data Protection Policy, an IT Security Policy, a Mobile Device Policy and a BYOD Policy.
iv) Implement standard training and audit procedures at your organisation.