A Boston hospital has settled for $218,400 claims by the Department of Health and Human Services that it compromised over 1,000 patients’ electronic protected health information (ePHI), violating the HIPAA Privacy, Security, and Breach Notification Rules.  According to HHS, St. Elizabeth’s Medical Center used an Internet-based document sharing program to store the ePHI of at least 498 patients, without having analyzed the risks of such a practice.  In addition, the unsecured ePHI of 595 patients stored on a former employee's personal laptop and USB flash drive was allegedly “breached.”  But it is not clear whether any of the ePHI was ever viewed by an unauthorized party, let alone misused.