Dexcomm Blog

HIPAA Case Study: Stolen USB, $1.7M Fines

August 21, 2012

You might consider your organization careful when protecting personal health information, but are you sure that you have met all of the requirements of the Health Insurance Portability and Accountability Act (HIPAA)? How would your organization rate in an investigation by the Office of Civil Rights (OCR)?

 

The OCR recently conducted an investigation of the Alaska Department of Health and Human Services (DHHS) when a USB hard drive was stolen from the vehicle of an employee. OCR discovered that DHHS did not have sufficient policies and procedures in place to safeguard electronic Personal Health Information. Additionally, DHHS failed to meet many of the requirements of the HIPAA Security Rule, including addressing device and media encryption, completing a risk analysis and security training for its workforce members, and implementing sufficient risk management measures and media controls.

 

“Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” said OCR Director Leon Rodriguez.  “This is OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”

 

The DHHS will pay the U.S. Department of Health and Human Services $1.7 million to settle potential violations of the HIPAA Security Rule. Alaska has agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information.

 

Being a government agency doesn’t protect you from the rules.  An investigation can occur at any time.  Ensure that you are aware of the requirements of HIPAA and that your workers are properly trained.  You can’t always protect information from a simple car burglary.  But you can be prepared in case it happens.  Violating HIPAA will not only cost you money.  It can cost you your reputation. 

 

What is considered a mobile device under HIPAA?

Learn how to protect your mobile device from causing a breach 

 

For more on this story:

HHS News 6/26/12

HHS Enforcement

 

 

 

 

 


Dexcomm is a Louisiana-based corporation that provides answering services to businesses and service agencies across the United States. We have been open since 1954, employ a staff of roughly 50 people, and our average client retention rate is 10+ years.

Read More About The Author: Dexcomm
