Blog: Alaska Provider Reaches HIPAA Settlement with OCR for Security Deficiencies

Cooley LLP
Contact

On December 8, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Anchorage Community Mental Health Services (“ACMHS”) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  ACMHS will pay a $150,000 penalty and also enter into a two year Corrective Action Plan (“CAP”) to improve its HIPAA security compliance program.

OCR first learned of the potential HIPAA violations upon receipt of a security breach report from ACMHS in March 2012.  At that time, ACMHS reported that the electronic protected health information (“ePHI”) of 2,743 people on its system had been compromised as a result of malware jeopardizing its electronic resources.  Upon investigation, OCR discovered that ACMHS had adopted outdated HIPAA security policies but never implemented them, and also that ACMHS had failed to regularly update IT resources with available patches.  Pursuant to its CAP, ACMHS will adopt and distribute HIPAA security policies and procedures that are up to date.  ACMHS will also conduct training of its workforce, institute a security management process, and promptly submit reports of non-compliance with HIPAA to OCR.

Regarding this settlement, OCR Director Jocelyn Samuels explained that “successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis.  This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”  Entities subject to HIPAA are advised to ensure that electronic systems have been appropriately updated and that important security patches have been downloaded.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cooley LLP | Attorney Advertising

Written by:

Cooley LLP
Contact
more
less

Cooley LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.