The Alaska Department of Health and Social Services and the state’s Medicaid agency have consented to pay $1.7 million to the U.S. Department of Health and Human Services to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 Security Rule. The state’s DHSS has also agreed to take steps to better safeguard the health information of Alaska Medicaid beneficiaries.
The HHS Office for Civil Rights (OCR) started its probe after receiving a privacy breach report by Alaska DHSS. The report noted that a UBS hard drive that possibly contained electronic protected health information was stolen from a DHSS employee’s vehicle.
During the probe, OCR discovered evidence that DHSS had not implemented the adequate procedures and policies to guard this information. Also, it did not appear as if DHSS had completed risk analysis, put into place enough risk management measures, finished security training for workforce members, implemented device and media controls, or taken care of device and media encryption, per HIPAA Security Rule requirements.
The is the first HIPAA enforcement action that OCR, which is in charge of enforcing HIPAA Privacy and Security Rules, has brought against a state agency. Under the Privacy Rules, individuals are granted rights over their protected health information, and limits and rules are provided regarding who is entitled to examine and receive that information. Under the Security Rules, health information in electronic form are protected by the requirement that HIPAA-covered entities apply technical, physical, and administrative safeguards to make sure that this data stays secure and private.
You may have the right to sue if your medical records were lost and/or your privacy has been violated. Please contact one of our Boston injuries lawyers at Altman & Altman, LLP and we can help you determine whether you have a Massachusetts breach of privacy case on your hands.
Alaska Medicaid agency to pay $1.7 million in HIPAA settlement, Modern Healthcare, June 26, 2012
More Blog Posts:
Did You Know That If A Massachusetts Hospital Loses Your Medical Records You Have the Right to Sue?, Boston Injury Lawyer Blog, March 8, 2011
Middleborough Woman Sues Tufts Medical Center for Breach of Privacy and Seeks Punitive Damages, Boston Injury Lawyer Blog, July 14, 2011