BreachExchange mailing list archives

Alaska Medicaid fined $1.7 million for patient info breach


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 3 Jul 2012 13:12:01 -0400

http://www.alaskadispatch.com/article/alaska-medicaid-fined-17-million-patient-info-breach

The U.S. Department of Health and Human Services (HHS) has fined Alaska's
Medicaid office $1.7 million for a possible breach of patient privacy,
according to the news site
Governing<http://www.governing.com/news/federal/gov-alaska-medicaid-fined-17-million-for-possible-patient-data-breach.html>.

The Department of Health and Social Services (DHSS) in Alaska, which is
responsible for running the state's Medicaid program, filed a statement
earlier in the month reporting that sensitive medical information had been
stolen when a DHSS employee's computer went missing from a car.

On June 26, the HHS Office of Civil Rights, or OCR, announced the results
of its investigation. HHS found that the Alaska Medicaid office did not
have appropriate procedures and policies in place to help protect patient
information and therefore violated the federal Health Insurance Portability and
Accountability Act (HIPAA).

OCR enforces HIPAA privacy and security rules. OCR Director Leon Rodriguez
said in a press
release<http://www.hhs.gov/news/press/2012pres/06/20120626a.html> that
the Alaska case was "OCR’s first HIPAA enforcement action against a state
agency and we expect organizations to comply with their obligations under
these rules regardless of whether they are private or public entities."

HHS concluded that the Alaska office is to pay a fine of 1.7 million and
come up with a new action plan to correct the procedure and policy breaches.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
