Resource:
Loss Scenario: Stolen Insulin Pumps Contained PHI
Learn the risks a health care organization loss scenario can present, and how Chubb can save you time, money and liability.
DESCRIPTION OF EVENT
A rural community hospital provided insulin pumps to its diabetic patients when prescribed by their physicians. The pumps contained protected health information (PHI) that was not encrypted, although the pumps were stored on site when not in use. A hospital employee conducting an inventory check discovered that more than 150 insulin pumps had been stolen from the hospital supply closet, which the employee reported to the hospital administration. After an unsuccessful attempt by the thieves to file fraudulent tax returns in the name of several of the affected patients, the patients filed a civil suit under the state privacy statute.
RESOLUTION
The hospital spent $100,000 engaging counsel for compliance assessment and providing notification and call center services for the diabetic patients affected by the incident. The hospital also spent $175,000 in defense costs responding both to the civil suit and a separate regulatory inquiry, as well as $150,000 in Health Information Technology for Economic and Clinical Health (HITECH) Act fines and penalties for not having encrypted the PHI stored on the pumps and not having a more robust tracking system to secure the PHI.
Could this happen to your organization? Contact your trusted Chubb agent or broker.
