State Medicaid to pay $1.7M HIPAA settlement

Alaska's Department of Health and Social Services for the state Medicaid program has agreed to pay $1.7 million to the U.S. Department of Health & Human Services in a HIPAA settlement. The Alaska DHSS reported a possible breach when USB hard drive possibly containing electronic personal health information was stolen from an employee's vehicle. The HHS Office of Civil Rights then conducted an investigation and found DHSS had inadequate policies to safeguard confidential medical information.

In addition to paying damages in the settlement, DHSS also has agreed to ramp up security on its electronically-protected health information and implement practices including risk management and security training. OCR Director Leon Rodriguez said, "Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices." Statement

Suggested Articles

Learn how health plans can demonstrate agility with analytics to shape benefit plans in a time of healthcare transformation.

As hospitals face a new wave of ransomware attacks, a HIMSS survey finds most organizations still are under-investing in cybersecurity.

FBI warns U.S. hospitals and healthcare providers of imminent cybercrime threats; 5 important safeguards to take now