Failure to comply with HIPAA-compliance includes detection and notification procedures in the event of a breach.
This is a nightmare scenario and illustrates the consequences of not having a comprehensive risk-management initiative.
Read all about it on this New York Times article: http://www.nytimes.com/2011/09/09/us/09breach.html?_r=1&hp
No one is immune from breaches – could the legal, financial and privacy risks have been mitigated by enforcing acceptable use contractors for vendors? I like to think so. It is item 14 on our HIPAA Compliance checklist…