Healthcare entities (and their business associates) face stiff financial penalties for breaches resulting from the internal operations of the healthcare provider: $150,000 for a lost, unencrypted flash drive, $750,000 for sending an administrative service provider PHI without a signed BAA, and $2.5 million for a stolen laptop, just to name a few. Our colleagues in … Continue Reading