BreachExchange mailing list archives
Alaska Medicaid fined $1.7 million for patient info breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 3 Jul 2012 13:12:01 -0400
http://www.alaskadispatch.com/article/alaska-medicaid-fined-17-million-patient-info-breach The U.S Department of Health and Human Services (HHS) has fined Alaska's Medicaid office $1.7 million for a possible breach of patient privacy, according to the news site Governing<http://www.governing.com/news/federal/gov-alaska-medicaid-fined-17-million-for-possible-patient-data-breach.html> . The Department of Health and Social Services (DHSS) in Alaska, which is responsible for running the state's Medicaid program, filed a statement earlier in the month reporting that sensitive medical information had been stolen when a DHSS employee's computer went missing from a car. On June 26, the HHS Office of Civil Rights, or OCR, announced the results of its investigation. HHS found that the Alaska Medicaid office did not have appropriate procedures and policies in place to help protect patient information therefore violated the federal Health Insurance Portability and Accountability Act (HIPAA). OCR enforces HIPAA privacy and security rules. OCR Director Leon Rodriguez said that in a press release<http://www.hhs.gov/news/press/2012pres/06/20120626a.html> that the Alaska case was "OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” HHS concluded that the Alaska office is to pay a fine of 1.7 million and come up with a new action plan to correct the procedure and policy breaches.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Alaska Medicaid fined $1.7 million for patient info breach Jake Kouns (Jul 03)