I work as a Medical Transcription Analyst in Health Information Management, and I would agree that it's surprising it took this long for a fine to be issued. The most common HIPAA violations are caused by:
1) Providers and staff throwing away papers containing patient information.
2) Sending unencrypted emails from personal emails.
3) Accessing VPN networks on non secure home computers.
I remember a story a while back about a MD who accidentally released hundreds of patient's info because their kid's P2P software automatically uploaded all hard drive contents. Hopefully this fine will get the healthcare industry to focus on security.
