Alaska's Medicaid agency will pay the federal government $1.7 million to settle allegations it violated the Health Insurance Portability and Accountability Act Security Rule.
The settlement marks the first time the Department of Health and Human Services Office for Civil Rights has brought HIPAA enforcement action against a state, OCR Director Leon Rodriguez said in a June 26 news release announcing the settlement.
OCR had alleged the state agency did not comply with Security Rule requirements for:
• conducting risk analyses;
• implementing risk management measures;
• completing workforce security training;
• implementing device and media controls; and
• addressing device and media encryption.
OCR began investigating data privacy and security practices by the Alaska Department of Health and Human Services (DHHS) after the state agency in October 2009 reported a data breach, as required under the Health Information Technology for Economic and Clinical Health (HITECH) Act. The breach occurred when a USB hard drive on which electronic protected health information (ePHI) was stored was stolen from a DHHS employee's car, according to the release.
In January 2010, OCR began investigating the breach and determined the state had violated the HIPAA Security Rule, according to the resolution agreement between OCR and DHHS. As part of the investigation, DHHS provided OCR with documentation on its data privacy and security policies and procedures, including how it was complying with the HIPAA Privacy and Security Rules. In addition, OCR interviewed agency employees in July 2010.
The resolution agreement is not an admission of liability by DHHS, nor is it a concession by OCR that the state agency did not violate the HIPAA rules.
“Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” Rodriguez said in the release. “This is OCR's first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”
By Kendra Casey Plank
The resolution agreement is at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/alaska-agreement.pdf.