2 Thumb Drives, a Laptop and a $4.3M Fine: The Importance of Protecting ePHI

Over the summer an HHS Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center (MD Anderson) must pay $4.3 million in civil money penalties for HIPAA violations. The fine comes after the loss of three unencrypted devices (2 thumb drives and a laptop) led to an investigation revealing security protocols in place from 2006. You can read more about this case here.

Let’s be clear. Securing electronic protected health information (ePHI) on ANY unencrypted device exposes an organization to incredible risk. Not ensuring that your security protocols are current can have a devastating and lasting impact on organizations of any size.  It is to be avoided at all costs.


ISI Language Solutions takes IT security seriously. We are one of a handful of language service providers to undergo the exhaustive process of becoming HITRUST certified, a designation that assures all ISI clients that their PHI related communications are secure.

Keith Hagerman, Chief Security Information officer for Armor, recently described HITRUST certification in Healthcare IT News:

The Health Information Trust Alliance (HITRUST) was developed by healthcare and IT professionals, the HITRUST Common Security Framework (CSF) helps organizations by providing an efficient and prescriptive framework for managing the security requirements inherent in HIPAA. By integrating the diverse set of existing requirements applicable to agencies and businesses, HITRUST seeks to eliminate the inconsistencies and wasted resources so typical in reporting healthcare compliance.

By translating HIPAA and HITECH requirements into an actionable roadmap that is cross-referenced to many other security and data privacy regulations, the CSF provides organizations with a prescriptive set of controls that can be used to manage compliance across a broad range of regulatory requirements.

With one simplified compliance process, the CSF:

  • Incorporates existing, globally recognized standards such as HIPAA, NIST, ISO, PCI, FTC Red Flag and COBIT
  • Reduces risk of non-compliance with HIPAA
  • Scales according to your organization’s size, type and complexity
  • Provides clear, actionable guidelines
  • Evolves according to your needs, as well as changes in both the healthcare industry and the regulatory environment.”

As an organization that focuses on member, patient, and provider communications at scale, ISI Language Solutions takes our HITRUST certification seriously. ISI Language Solutions can work with your organization to ensure that the security and integrity of your member, patient, and provider communications adhere to applicable regulatory requirements.

To learn more please do not hesitate to contact us today at info@isitrans.com.