OCR fines behavioral health service $150,000

The Office for Civil Rights (OCR) announced December 8 that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations, according to a press release. 

OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service. On March 12, 2012, ACMHS notified OCR of a breach affecting 2,743 individuals. The breach was the result of malware that compromised the security systems of the behavioral healthcare provider, according to OCR.

The resolution agreement states that ACMHS failed to:

- Conduct an accurate and thorough risk assessment of ePHI from April 21, 2005, through March 12, 2012
- Implement security policies and procedures to reduce risks and vulnerabilities to ePHI from April 21, 2005, through March 12, 2012
- Implement technical security measures to safeguard against unauthorized access to ePHI by failing to ensure firewalls were in place and that information technology resources were supported and updated with patches from January 1, 2008, through March 29, 2012

In addition to the monetary settlement, as part of the corrective action plan with OCR, ACMHS agreed to:

- Provide an updated version of its security policies and procedures
- Adopt a revised version of OCR-approved security policies and procedures
- Distribute revised security policies and procedures to workforce members who work with ePHI and provide security awareness training
- Obtain signed written or electronic initial compliance certification from all workforce members stating that they read, understand, and will abide by security policies and procedures

 

 


Via Technical Dr. Inc.