The Dept of Health and Human Services is stepping up enforcement of HIPAA privacy laws by handing out new fines against two violators.

From Government Computer News:

HIPAA requires health plans, health care clearinghouses and most health care providers to protect the privacy of patient information through administrative, physical and technical safeguards.

After an investigation by OCR, the agency found Mass General in violation when an employee left documents relating to 192 patients on a subway train. The documents, which were never recovered, included information on patient names, dates of birth, medical record numbers, health insurers and policy numbers, diagnoses and name of providers for 66 of those patients. HHS discovered the loss after a patient reported the records lost on March 9, 2009.

Mass General was fined $1 Million for this violation.  Imagine how many USB flash drives and other portable devices get lost in subway trains, taxis and other public places every year.  With HHS handing down stiff penalties, it's time to consider security plans for these devices.