Alaska Medicaid Settles HIPAA Security Case for $1,700,000


Alaska’s State Medicaid agency (the “Agency”) has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $1,700,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Alaska has also agreed to take corrective action to properly safeguard the electronic protected health information (“ePHI”).

The HHS Office for Civil Rights (“OCR”) began its investigation following a breach of ePHI. The breach was the result of the loss of a USB drive possibly containing ePHI. Over the course of the investigation, OCR found that the Agency did not have adequate policies and procedures in place to safeguard ePHI.  Further, the Agency had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.

In addition to the $1,700,000 settlement, the agreement includes a corrective action plan that requires the Agency to review, revise, and maintain policies and procedures to ensure compliance with HIPAA.
 
All healthcare providers that transmit protected health information electronically are required to have a HIPAA plan, and to comply with the requirements of HIPAA, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and applicable state laws. Frier Levitt has extensive experience in advising clients on HIPAA, HITECH, and patient privacy laws and can assist in the preparation and implementation of HIPAA compliance plans that fulfill both Federal and State requirements.