West Georgia Ambulance agreed to pay a $65,000 fine to the Office for Civil Rights to settle potential HIPPA violations, according to a Dec. 30 news release.
In 2013, West Georgia Ambulance filed a data breach notice. The company indicated that around 500 individuals may have had their information exposed after an unencrypted laptop was lost.
An OCR investigation found that West Georgia Ambulance had a longstanding of noncompliance with HIPAA. The ambulance provider failed to conduct risk analysis, provide a security awareness and training program and implement HIPAA policies and procedures.
Along with $65,000 settlement, West Georgia Ambulance agreed to undertake a corrective action plan, which includes two years of monitoring.
"The last thing patients being wheeled into the back of an ambulance should have to worry about is the privacy and security of their medical information," said OCR Director Roger Severino. "All providers, large and small, need to take their HIPAA obligations seriously."