
Four Actionable Takeaways from the First Ambulance HIPAA Settlement

Written By: Ryan Stark

On December 30, 2019, the Office for Civil Rights (OCR) at the US Department of Health and Human Services announced that a small ambulance service agreed to pay $65,000 and to adopt a rigorous Corrective Action Plan (CAP) to settle potential HIPAA violations. This was the first time an ambulance service paid a penalty to the government agency for a HIPAA violation.


What Went Wrong?

An unencrypted laptop containing information on 500 patients was left on the bumper of an ambulance. The agency reported the breach to the government, as required, and then OCR took a microscope to their HIPAA policies and procedures. Here’s what the OCR found:

  • They had not performed a HIPAA Security Risk Analysis.
  • They were lacking many security policies and procedures.
  • They did not have security awareness training.
  • They did not have encryption on some devices.

Four Simple Compliance Steps You Can Take Today

  1. Ask your HIPAA compliance and IT folks “Have we done a HIPAA Risk Analysis recently, and is it documented?” If not, that’s your first priority. There are a number of companies that perform risk analyses.
  2. Look at your HIPAA training to see whether it incorporates Security Awareness Training. Look for things like training personnel on what e-threats look like and how to report breaches. If your training doesn’t cover Security Awareness, you need to add it or look for a training solution that incorporates it.
  3. Review the HIPAA Security Rule Matrix at the bottom of the HIPAA Security Series document and ask whether you have policies for the standards mentioned. If not, you should look for a compliance solution or ask for help in developing these policies.
  4. Ask your IT folks, “Do we encrypt all of our devices?” If not, you need to – now. If the ambulance service named in the HIPAA settlement had encrypted the laptop, they would likely have prevented the situation that led to the fine.


Help Resources for HIPAA Compliance

Visit the HHS.gov website for information on health information privacy training and resources in implementing privacy and security protections. There are also HIPAA compliance solutions available through law firms and other providers that specialize in this topic.
