Following the theft of a doctor’s unencrypted personal laptop storing data on patients and research subjects, Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates (collectively MEEI) have agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Security Rule within the Health Insurance Portability and Accountability Act of 1996 (HIPAA). MEEI was also ordered to follow a new Corrective Action Plan (CAP) to ensure it complies with HIPAA, perform risk assessment, train staff and submit to semi-annual audits for three years. The doctor was travelling abroad in 2010 when his laptop – holding prescriptions and clinical information on around 3,500 patients – was stolen.