Is It a HIPAA Breach?

I thought that I would try something different for this blog post. I’m going to describe a common HIPAA potential breach and ask questions about it. In the next post, I will provide the answers and pose some more questions. I will answer those questions in the third post. Consider this scenario:

A nurse that works for a home health agency uses a laptop to record what she does with her patients. She leaves the laptop hidden under a blanket in the back seat of her car when she stops for lunch at a fast-food restaurant. She does remember to lock her car, but it does not have an alarm system that makes the lights flash and the horn honk when someone tries to break in. When she returns to the car, she sees that someone has broken out a window and that the laptop is missing.

Questions (the answers may be “yes,” “no,” or “maybe”):

  1. Assuming that the laptop was encrypted, is this incident a breach of security?
  2. Assuming that the laptop was encrypted, is this incident a breach of privacy?
  3. Assuming that the laptop was encrypted, is this incident a breach that must be reported to the Department of Health and Human Services (“DHHS”)?
  4. Assuming that the laptop was encrypted, is this incident a breach that is due to a “reasonable cause” and not to “willful neglect?” (Breaches due to willful neglect carry the highest civil money penalties, and the penalty may not be waived as it can in the case of a breach due to a reasonable cause).
  5. Assuming that the laptop was not encrypted, is this incident a breach of security?
  6. Assuming that the laptop was not encrypted, is this incident a breach of privacy?
  7. Assuming that the laptop was not encrypted, is this incident a breach that must be reported to DHHS?
  8. Assuming that the laptop was not encrypted, is this incident a breach that is due to a “reasonable cause” and not to “willful neglect?”

Take your best shot, and stay tuned for my first set of answers. If you can’t wait for my next post, you can find the answers in my book How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know, Overland Park, KS: Veterans Press, Inc., 2011, available at veteranspress.com.

seo by: k.c. seo