Alaska Medicaid Pays $1.7 Million for Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Alaska Medicaid Pays $1.7 Million for Data Breach

June 27, 2012
by Gabriel Perna
| Reprints

The Alaska Department of Health and Social Services (DHSS) and the state Medicaid agency, has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $1,700,000 to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  Additionally, Alaska’s DHSS agreed to take corrective action to properly safeguard the electronic protected health information (ePHI) of their Medicaid beneficiaries. 

The breach according to the Alaska DHSS was a stealing of a portable electronic storage device (USB hard drive) possibly containing ePHI from the vehicle of a DHSS employee.  Over the course of the investigation, OCR found evidence that DHSS did not have adequate policies and procedures in place to safeguard ePHI. The investigation initially began when the HHS Office for Civil Rights (OCR) after a breach report was submitted by Alaska DHSS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. 

The evidence indicated that DHSS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.

 “Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” OCR director Leon Rodriguez said in a statement.  “This is OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”

OCR enforces the HIPAA Privacy and Security Rules. The Privacy Rule gives individuals rights over their protected health information and sets rules and limits on who can look at and receive that health information. The Security Rule aims to protect health information in electronic form by requiring entities covered by HIPAA to use physical, technical, and administrative safeguards to ensure that electronic protected health information remains private and secure.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

Comments

There have been so many incidents of healthcare data breaches that this might be the “proverbial straw” making readers conclude breaches are inevitable. Readers might then repond by a strong compulsion to contract with one of the many Breach Response Services.

However, why not be proactive by taking the one action that eliminates the possibility of breach response and breach penalities, radically reduces the risk of a breach, and provides the strongest leagally defendable safeguards?

Qualifying for the HHS Safe Harbor from Breach Resporting provides all of the above and is explain on page 13 in the current issue on Privacy Insurance in the Betterley Report http://betterley.com/samples/cpims12_nt.pdf

News

KLAS Research: Small Hospitals’ Buying Decisions Impacting EMR Market Share

A new KLAS Research report tracks shifts in electronic medical record (EMR) vendor market share among acute care hospitals, and finds that smaller hospitals are seeking technology solutions that meet their needs and limited budgets, and these contracts are making a mark on the EMR market.

Survey: Majority of Providers Predict Success for New Generic Drug Company, Project Rx

Back in January, four health systems, in consultation with the VA, announced a collaboration to develop a new, not-for-profit generic drug company. A survey has found that 90 percent of providers say they would become customers of the new venture.

Personalized Medicine Awareness Low Among U.S. Adults, Survey Finds

Genetics and personalized medicine are not top of mind for the general public in the U.S., according to a recent survey from GenomeWeb and the Personalized Medicine Coalition.

Industry Organizations Praise Senate Passage of VA Mission Act

The U.S. Senate on Wednesday passed, by a vote of 92-5, a major Veterans Affairs (VA) reform bill that includes health IT-related provisions to improve health data exchange between VA healthcare providers and community care providers.

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).