Law360, New York (January 24, 2013, 12:49 PM EST) -- The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason. On Jan. 2, 2013, the U.S. Department of Health and Human Services Office of Civil Rights announced that it had reached a settlement with the Hospice of North Idaho for potential violations of the Health Insurance Portability and Accountability Act of 1996 security rule arising from the theft of its laptop. It was the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals. To be specific, information concerning "only" 441 patients was at issue. When announcing the $50,000 settlement, the head of the OCR indicated that the agency was intentionally sending "a strong message to the healthcare industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information."...