State Medicaid to pay $1.7M HIPAA settlement

Alaska's Department of Health and Social Services for the state Medicaid program has agreed to pay $1.7 million to the U.S. Department of Health & Human Services in a HIPAA settlement. The Alaska DHSS reported a possible breach when USB hard drive possibly containing electronic personal health information was stolen from an employee's vehicle. The HHS Office of Civil Rights then conducted an investigation and found DHSS had inadequate policies to safeguard confidential medical information.

In addition to paying damages in the settlement, DHSS also has agreed to ramp up security on its electronically-protected health information and implement practices including risk management and security training. OCR Director Leon Rodriguez said, "Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices." Statement

Suggested Articles

Walmart has delayed a new policy originally set to begin January 1 that would have required electronic prescriptions for controlled substances.

Epic CEO Judy Faulkner has big concerns about two federal interoperability rules, primarily that the rules undermine patient privacy.

CMS Administrator Seema Verma pushed back on hospitals' resistance to publishing payer-negotiated prices, as now mandated by a federal rule.