Federal regulators lowered the boom on the former owner of several nursing homes after an iPhone containing the medical records of more than 400 residents was stolen.
Catholic Health Care Services of the Archdiocese of Philadelphia will pay $650,000 under settlement terms that also stipulate extensive self-analyses, documentation and improvement plans for patient record policies and practices.
The stolen phone sparked a federal investigation that exposed CHCS’ shortcomings in evaluating risks of storing patients’ personal health information on mobile devices, officials said.
They also found CHCS had not taken appropriate security measures to prevent the improper disclosure of patient records.
“Everyone in the HIPAA circle of enforcement should be paying close attention to mobile device security practices,” said case attorney Kirk Nahra.