Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

CardioNet, a remote mobile cardiac monitoring company, agreed to pay a $2.5 million settlement after an employee’s laptop with protected health information was stolen, the Department of Health and Human Services announced.

The laptop, stolen in 2012, contained more that 1,300 people’s health data that was subject to the Health Insurance Portability and Accountability Act of 1996. The theft, in this case, amounted to an “impermissible disclosure.” HHS said its investigation found the company had yet to implement policies and procedures to comply with HIPAA security and privacy requirements.

The settlement is the first involving a wireless health services provider, the department said.

“Mobile devices in the health care sector remain particularly vulnerable to theft and loss,” said HHS’ Office for Civil Rights Director Roger Severino in a statement. “Failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk.”

CardioNet agreed to settle for “potential non-compliance” of HIPAA and will implement a corrective action plan.