Healthcare entities (and their business associates) face stiff financial penalties for breaches resulting from the internal operations of the healthcare provider: $150,000 for a lost, unencrypted flash drive, $750,000 for sending an administrative service provider PHI without a signed BAA, and $2.5 million for a stolen laptop, just to name a few. Our colleagues in the Workplace Privacy, Data Management & Security practice group offer details about the risks healthcare providers face and the costs of ignoring compliance obligations. You can read it here.