Stolen Smartphone Draws A HIPAA Charge

In a case that a McGuire Woods client alert calls the first ever settlement of a HIPAA claim against a “business associate,” a non-profit nursing home management group was found liable for a violation after an employee’s smart phone was stolen. The smart phone contained personal information, unencrypted and not password protected, on more than 400 people. McGuire Woods attorneys Nathan A. Kottkamp and Lauren M. Ramos see this case as likely the first of many that will target business associate infractions, and in particular in cases where information has been lost and entities are found to have failed to implement effective business associate agreements. The corrective action plan in this case could be considered “a compliance checklist of sorts,” the authors write. That plan, which specified policies, procedures, and employee education, is included as part of the settlement agreement.