A Rhode Island health system has agreed to pay around $1 million and carry out a corrective action plan after an affiliated hospital employee’s unencrypted laptop containing patient health information was stolen from a car in 2017, the U.S. Department of Health and Human Services said Monday.

Providence-based Lifespan Health System reached the $1,040,000 deal with HHS’ Office of Civil Rights (OCR) for possible violations of Health Insurance Portability Act (HIPAA) privacy and security rules. An investigation showed that Lifespan failed to encrypt all devices used for work-related purposes and didn’t implement procedures to track devices that access the network or hold protected health data, the department said.

To read the full story on Westlaw Today, click here: bit.ly/32ZcjF1