Tuesday, June 26, 2012

$1.7 Million Settlement for HIPAA Security-Rule Violation

First HHS/OCR HIPAA enforcement action against a state agency.

The Alaska Department of Health and Social Services (the state Medicaid agency), has agreed to pay $1,700,000 to settle possible violations of the HIPAA Security Rule.

In addition, Alaska DHSS will take corrective action to properly safeguard the electronic protected health information (ePHI) of their Medicaid beneficiaries.
"Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices." - OCR Director Leon Rodriguez
The HHS Office for Civil Rights (OCR) began its investigation following a breach report submitted by Alaska DHSS as required by the HITECH Act. The investigation, OCR found evidence that DHSS did not have adequate policies and procedures in place to safeguard ePHI.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Alaska Medicaid settles HIPAA security case for $1,700,000 - HHS.gov, June 26, 2012
(b) HHS/OCR Resolution Agreement - HHS.gov, June 26, 2012

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.