Because of the $1 million fine that Massachusetts General paid for the “million dollar subway ride,” in which a worker took protected health information (“PHI”) home to work on and left it on the subway, other hefty fines for the loss of electronic protected health information (“EPHI”), such as on laptops, and the fact that the single biggest category of breaches reported to the Department of Health and Human Services (“DHHS”) under the HITECH Act’s requirement to report breaches of unsecured (readable) data, consisting of lost or stolen laptops or other portable devices, I have written a new Physical Transportation of PHI Policy.

This new policy is posted on the Premium Member section of this website. This new policy is a little more simplified than the movement of PHI policy that I had written earlier. As always, I hope that this new policy is something that our Premium Members can adapt to their situations and make good use of. And as always, this new policy is in a Word® document file, so you can download it, plug in your organization’s name and any other specific information, and easily make it yours.

If you have situations that you think could use a good policy, please let me know. I am always on the lookout for new policies to draft to help my readers, seminar attendees, and consulting clients comply with HIPAA and the HITECH Act.