Wednesday, June 27, 2012

Alaska Medicaid Agency To Pay $1.7M To Settle HIPAA Case

 

Why our health system is so expensive.

Does this appeal to your common sense? No ! Robbing Peter to pay Paul. The State of Alaska should have been required to use the funds to train their workers in HIPAA

This case was over three years ago, when HIPAA was just coming into effect nationally.

Don’t waste my money on idiocy!!

Needless bureaucracy and expense.

Alaska Medicaid Agency To Pay $1.7M To Settle HIPAA Case

Alaska's Department of Health and Social Services -- which oversees the state's Medicaid program -- has agreed to pay $1.7 million to settle possible violations of the HIPAA Security Rule, Modern Healthcare reports.

Leon Rodriguez, director of HHS' Office for Civil Rights, in a statement said, "This is OCR's first HIPAA enforcement action against a state agency, and we expect organizations to comply with their obligations under these rules regardless of whether they are public or private entities" (Zigmond, Modern Healthcare, 6/26).

About the Possible Violations

In October 2009, Alaska's DHSS submitted a breach report to OCR indicating that a portable electronic storage device that might have contained protected health information had been stolen from the car of a DHSS computer technician (HHS agreement, 6/26).

After investigating the breach, OCR found that DHSS had failed to:

  • Address the encryption of devices and media;
  • Complete a health data risk analysis;
  • Conduct health data security training for employees; and
  • Implement controls for devices and media (Goedert, Health Data Management, 6/26).

Details of the Settlement

In addition to paying the settlement, DHSS agreed to review, revise and maintain its policies to ensure compliance with the HIPAA Security Rule.

As part of the agreement, a designated monitor will report to OCR regularly about DHSS' compliance efforts (Cadet, CMIO, 6/27).

 

No comments: