
Alaska state agency slapped with $1.7 million fine for data loss

27 June 2012

Alaska’s state Medicaid agency has agreed to pay a $1.7 million federal fine for the loss of an unencrypted USB drive that may have contained protected patient information, and for failing to take action to safeguard health information on Medicaid recipients.

In 2009, the Alaska Department of Health and Social Services (DHSS) informed the US Department of Health and Human Services that an unencrypted USB drive that may have contained electronic protected health information (ePHI) of Medicaid recipients was stolen from the vehicle of a DHSS employee.

As a result of an investigation into the breach, the HHS Office of Civil Rights (OCR) determined that the Alaska agency did not have adequate policies and procedures in place to safeguard ePHI. The OCR also uncovered that the agency had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the Health Insurance Portability and Accountability Act (HIPAA) security rule.

To settle possible HIPAA violations, DHSS agreed to pay a hefty $1.7 million fine, as well as implement a corrective action plan that requires it to review, revise, and maintain policies and procedures to ensure compliance with the HIPAA security rule. OCR has appointed a monitor to check up on the state’s efforts in this area.

“Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” said OCR director Leon Rodriguez. “This is OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”
 
