Wash. county to pay $215,000 over HIPAA vi­o­la­tions

Modern Healthcare - - REGIONAL NEWS - —Joseph Conn

The Of­fice for Civil Rights at HHS has reached a $215,000 set­tle­ment with Wash­ing­ton state’s Sk­agit County fol­low­ing a se­cu­rity breach of 1,581 lo­cal pa­tients’ per­son­ally iden­ti­fi­able med­i­cal in­for­ma­tion, ac­cord­ing to the federal agency. The set­tle­ment puts gov­ern­men­tal bod­ies across the coun­try on no­tice about tak­ing Health In­sur­ance Porta­bil­ity and Ac­count­abil­ity Act com­pli­ance se­ri­ously.

“This case marks the first set­tle­ment with a county govern­ment and sends a strong mes­sage about the im­por­tance of HIPAA com­pli­ance to lo­cal and county gov­ern­ments, re­gard­less of size,” said Su­san McAn­drew, deputy di­rec­tor of health in­for­ma­tion pri­vacy at the OCR. “These agencies need to adopt a mean­ing­ful com­pli­ance pro­gram to en­sure the pri­vacy and se­cu­rity of pa­tients’ in­for­ma­tion.”

The OCR, which has en­force­ment author­ity for HIPAA’s pri­vacy and se­cu­rity rule pro­vi­sions, be­gan its Sk­agit County in­ves­ti­ga­tion with a breach in­ci­dent in which elec­tronic re­ceipts for seven pa­tients con­tain­ing their pro­tected health in­for­ma­tion were im­prop­erly placed on­line and ac­cessed.

In­ves­ti­ga­tors soon found that nearly 1,600 in­di­vid­u­als’ records had been sim­i­larly ex­posed, the OCR said, in­clud­ing in­for­ma­tion about test­ing and treat­ment of in­fec­tious dis­eases. The probe also re­vealed “gen­eral and wide­spread non­com­pli­ance” by Sk­agit County with the pri­vacy, se­cu­rity and breach no­ti­fi­ca­tion pro­vi­sions of HIPAA. The county’s pub­lic health depart­ment pro­vides ser­vices to in­di­vid­u­als who might not other­wise be able to af­ford health­care.

In ad­di­tion to its mon­e­tary penalty, Sk­agit County also agreed to a cor­rec­tive ac­tion plan and to pro­vide OCR with reg­u­lar sta­tus re­ports.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.