2.14.2013
New Jersey Medical Group Management Association
You have all seen on TV or read in the newspapers about business people losing their laptops and personal digital assistants ("PDAs", such as iPhones) or having them stolen. But do you know that, as a healthcare professional, losing your laptop or PDA might create serious potential liability for you and/or your practice? A medical practice may incur severe civil penalties under the privacy and security regulations adopted pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (the "HIPAA Privacy and Security Rules") if one of its employees loses a laptop or PDA that contains a patient's personal health information ("ePHI") and the ePHI is not properly encrypted. Additional civil or other administrative penalties may also result. Moreover, any individual affected by the loss or improper disclosure of their ePHI can also bring a lawsuit against the medical practice and the employee.
No one can guarantee that their laptop or PDA will never be lost or stolen, so medical practices should take reasonable steps to minimize exposure under the HIPAA Privacy and Security Rules and to potentially costly litigation. Such steps must be based upon a thorough risk analysis of the medical practice and full compliance with the HIPAA Privacy and Security Rules. At a minimum, the practice should do the following:
To avoid problems and significantly reduce the risks of any possible violation of HIPAA Privacy and Security Rules or other violations of law as well as costly litigation, a medical practice should promptly take at least the above steps. Medical practices are strongly urged to consult with competent legal counsel to guide them through the complexities of the HIPAA Privacy and Security Rules as well as other applicable privacy laws.
Michael F. Schaff
Co-Chair, Corporate, Health and Cannabis Law Teams
Shareholder
732.855.6047