Alaska's Department of Health and Social Services for the state Medicaid program has agreed to pay $1.7 million to the U.S. Department of Health & Human Services in a HIPAA settlement. The Alaska DHSS reported a possible breach when USB hard drive possibly containing electronic personal health information was stolen from an employee's vehicle. The HHS Office of Civil Rights then conducted an investigation and found DHSS had inadequate policies to safeguard confidential medical information.
In addition to paying damages in the settlement, DHSS also has agreed to ramp up security on its electronically-protected health information and implement practices including risk management and security training. OCR Director Leon Rodriguez said, "Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices." Statement