True Story of a Compliance Nightmare: A Cautionary Tale

Ok, we don’t mean to be fear-mongers here. 

But we do feel an obligation to make our readers aware of what can happen when you are negligent, ill-prepared or simply unaware of the rules and regulations in the area of compliance. Again, we’re not making this up to scare you: these policies are mandatory and enforceable by law, as you will see in the example below.

The following are the details of a true story – but for the purposes of privacy, let’s just call the company involved Company X:

A Corrective Action Plan and $1,040,000 is the cost for Company X to settle the potential HIPAA violation related to an unencrypted stolen laptop.

Company X filed a breach report with the Office for Civil Rights (OCR) concerning the theft of an affiliated hospital employee’s laptop containing electronic protected health information (ePHI), including patients’ names, medical record numbers, demographic information, and medication information.

The breach affected 20,431 individuals.

OCR’s investigation determined that there was systemic noncompliance with the HIPAA Rules including a failure to encrypt ePHI on laptops after Company X determined it was reasonable and appropriate to do so. 

OCR also uncovered a lack of device and media controls, and a failure to have a business associate agreement in place with Company X.

This is what can really happen (and the STEEP price to pay!) when you fail to implement HIPAA standards, particularly across your digital devices, email, and electronic health information.

The importance of this cannot be stressed enough. As we always say, an ounce of prevention can save you a pound of pain. 

Be thorough and take preventative measures. If you’re not sure what the rules are, ask and do your research – the answers are all out there.


Get the professional consultation and training that you need to help avoid these detrimental situations. At MEG, you can now pre-order our new “Ethics and Compliance Program For Your Private Practice”, created in partnership with compliance expert Daniel Hirsch. Save 15% if you pre-order the course by August 7, 2020!

Don’t be at the mercy of what you don’t know – remember that knowledge = power! Get on top of your compliance department today!
