
Four Actionable Takeaways from the First Ambulance HIPAA Settlement

Written By: Ryan Stark

On December 30, 2019, the Office for Civil Rights (OCR) at the US Department of Health and Human Services announced that a small ambulance service agreed to pay $65,000 and to adopt a rigorous Corrective Action Plan (CAP) to settle potential HIPAA violations. This was the first time an ambulance service paid a penalty to the government agency for a HIPAA violation.


What Went Wrong?

An unencrypted laptop containing information on 500 patients was left on the bumper of an ambulance. The agency reported the breach to the government, as required, and then OCR took a microscope to their HIPAA policies and procedures. Here’s what the OCR found:

  • They had not performed a HIPAA Security Risk Analysis.
  • They were lacking many security policies and procedures.
  • They did have security awareness training.
  • They did not have encryption on some devices.

Four Simple Compliance Steps You Can Take Today

  1. Ask your HIPAA compliance and IT folks “Have we done a HIPAA Risk Analysis recently, and is it documented?” If not, that’s your first priority. There are a number of companies that perform risk analyses.
  2. Look at your HIPAA training to see whether it incorporates Security Awareness Training. Look for things like training personnel on what e-threats look like and how to report breaches. If your training doesn’t cover Security Awareness, you need to add it or look for a training solution that incorporates it.
  3. Review the HIPAA Security Rule Matrix at the bottom of the HIPAA Security Series document and ask whether you have policies for the standards mentioned. If not, you should look for a compliance solution or ask for help in developing these policies.
  4. Ask your IT folks, “Do we encrypt all of our devices?” If not, you need to – now. If the ambulance service named in the HIPAA settlement had encrypted the laptop, they would likely have prevented the situation that led to the fine.


Help Resources for HIPAA Compliance

Visit the HHS.gov website for information on health information privacy training and resources in implementing privacy and security protections. There are also HIPAA compliance solutions available through law firms and other providers that specialize in this topic.
