Doctor concerned with health care law

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Health Law Daily, March 18, 2016

Stolen laptop costs research institute a $3.9M settlement and corrective action plan

By Bryant Storm, J.D.

Following allegations that Feinstein Institute for Medical Research improperly disclosed research participants’ protected health information (PHI), the research institute agreed to undertake a corrective action plan (CAP) and pay $3.9 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (P.L. 104-191) Privacy and Security Rules.

PHI. The settlement with the HHS Office for Civil Rights (OCR) arose after the biomedical research institute filed a breach report indicating that on September 2, 2012, a laptop containing the PHI of approximately 13,000 patients and research participants was stolen from an employee’s car. The stolen data included patient information concerning the names of research participants, dates of birth, addresses, social security numbers, diagnoses, laboratory results, medications, and medical information relating to potential participation in a research study.

Policies. An investigation by the OCR revealed that Feinstein’s security risk management process was inadequate. Specifically, the OCR discovered that Feinstein did not have any policies or procedures to regulate the manner in which laptops containing PHI could be moved in and out of its facilities. Additionally, the research institute did not have sufficient procedures regarding workforce access to PHI and had inadequate safeguards to prevent unauthorized users from accessing PHI.

Corrective action plan. Under the terms of the resolution agreement and CAP, the institute must develop a security management process that includes a risk-analysis, an inventory of equipment and systems, and the development of a risk management plan, all of which will be subject to HHS approval. The institute also has obligations under the CAP to update security policies, train staff and follow certain reporting requirements.

Companies: Feinstein Institute for Medical Research

MainStory: TopStory NewsStory AgencyNews ComplianceNews ClinicalNews EHRNews HIPAANews ProgramIntegrityNews

Back to Top

Health Law Daily

Introducing Wolters Kluwer Health Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.