Providence Health & Services was first organization penalized for violating HIPAA privacy section of the federal Health Insurance Portability and Accountability Act. The Seattle-based organization hired Eric Cowperthwaite to help it clean up the mess in 2006. The hospital agreed to fork over $100,000 and make good on a systems improvement plan as part of a deal with the U.S. Department of Health & Human Services (HHS) to settle allegations it lost laptops with individually identifiable health information in 2005 and 2006.”]
Source: https://www.csoonline.com/article/2134583/when-patient-data-can-t-be-kept-under-lock-and-key.html