The U.S Department of Health and Human Services (HHS) has fined Alaska's Medicaid office $1.7 million for a possible breach of patient privacy, according to the news site Governing.
The Department of Health and Social Services (DHSS) in Alaska, which is responsible for running the state's Medicaid program, filed a statement earlier in the month reporting that sensitive medical information had been stolen when a DHSS employee's computer went missing from a car.
On June 26, the HHS Office of Civil Rights, or OCR, announced the results of its investigation. HHS found that the Alaska Medicaid office did not have appropriate procedures and policies in place to help protect patient information therefore violated the federal Health Insurance Portability and Accountability Act (HIPAA).
OCR enforces HIPAA privacy and security rules. OCR Director Leon Rodriguez said that in a press release that the Alaska case was "OCR’s first HIPAA enforcement action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.”
HHS concluded that the Alaska office is to pay a fine of 1.7 million and come up with a new action plan to correct the procedure and policy breaches.
For more on the HHS ruling, click here.