TRENDING:

Alaska HIPAA Penalty: $1.7 Million

Medicaid Program Cited for Breach, Security Shortcomings Marianne Kolbasuk McGee (HealthInfoSec) • June 26, 2012    
Alaska HIPAA Penalty: $1.7 Million

The Alaska Department of Health and Social Services has agreed to pay $1.7 million to settle a HIPAA case involving a stolen USB drive potentially containing Medicaid beneficiaries' health information.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

The Department of Health and Human Service's Office for Civil Rights' list of major breaches says only 501 people were affected by the October 2009 incident. But the settlement agreement cites a long list of security shortcomings at the state agency.

As part of the settlement, Alaska DHSS also agreed to a corrective action plan in which the agency is required to "review, revise, and maintain policies and procedures to ensure compliance with the HIPAA Security Rule." An external monitor will report back to OCR regularly on the state's ongoing compliance efforts, according to the settlement agreement.

The settlement is OCR's first HIPAA enforcement action against a state agency.

The breach incident involved a portable USB storage device containing protected health information that was stolen from the vehicle of a DHSS computer technician in October 2009.

An OCR investigation determined that DHSS had not completed a risk assessment; had not implemented sufficient risk management measures; had not completed security training for DHSS workforce members; and had not implemented device and media controls.

"Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices," OCR director Leon Rodriguez said in a statement.

Previous
GAO Presses HHS for Privacy Guidance
Next
24 Busted in International Card Fraud Sting

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
Protocol Isolation: The Key to Securing OT Environments
Protocol Isolation: The Key to Securing OT Environments
How AI Can Help Speed Up Physician Credentialing Chores
How AI Can Help Speed Up Physician Credentialing Chores
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How the Healthcare Sector Can Boost Credential Management
How the Healthcare Sector Can Boost Credential Management
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.