A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone.  This recent enforcement action should put business associates on notice of the potential for significant liability for failure to implement required HIPAA policies and procedures.  Furthermore, business associates should take steps to ensure that all PHI on laptops and mobile devices is rendered unreadable and unusable to unauthorized users, such as through encryption.  Read the full post here.