By Erin McCann
Healthcare Finance News
Originally published June 27, 2012
The Alaska Department of Health and Social Services (DHSS) – the state’s Medicaid agency – has agreed to pay $1.7 million to the U.S. Department of Health and Human Services (HHS) to settle possible violations of the HIPAA Security Rule, making it the second largest settlement for HIPAA violations to date.
As part of the settlement, the state has also agreed to take corrective action to properly safeguard the electronic personal health information (PHI) of their Medicaid beneficiaries.
The HHS Office for Civil Rights (OCR) began its investigation following a breach report submitted by Alaska DHSS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The report indicated that a portable electronic storage device (USB hard drive) possibly containing PHI was stolen from the vehicle of a DHSS employee. PHI from an estimated 2,000 individuals was stored on the device.
The entire story is here.
Editorial Note: Please do not tranfer large amounts of personal data from a secure data bank to a jump drive, lap top or other portable storage device.