Hospice of North Idaho Data Breach (2013)

The June 2010 theft of an unencrypted laptop from an employee's car resulted in the exposure of patient information. The HHS Office for Civil Rights investigated the breach and found that HONI had not conducted a risk analysis to safeguard electronic protected health information. It was also discovered that HONI did not meet a HIPAA Security Rule that required them to have policies or procedures in place to address mobile device security. HONI agreed to pay the U.S. Department of Health and Human Services' (HHS) $50,000 regarding potential Health Insurance Portability and Accountability Act of 1996 Security Rule violations. HONI also began taking extensive steps to improve their HIPAA Privacy and Security compliance program since the June 2010 breach.