Skagit County, Washington has agreed to a monetary settlement of $215,000 for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules. In addition, Skagit County is to work closely with the Department of Health and Human Services to correct deficiencies in its HIPAA compliance program.
Located in Northwest Washington, Skagit County has 118,000 residents. Its Public Health Department provides services to individuals who would otherwise be unable to afford health care. OCR opened an investigation of Skagit County after receiving a breach report that money receipts containing electronic protected health information (ePHI) were being accessed by unknown parties. The report stated that the ePHI of seven individuals had been accessed after being inadvertently moved to a publicly accessible server maintained by the county.
However, OCR’s investigation revealed a larger exposure of PHI than initially reported, involving the ePHI of 1,581 individuals. The accessible files included sensitive information such as PHI concerning the diagnosis and treatment of infectious diseases. The investigation further revealed the county’s widespread non-compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
Skagit County’s HIPAA violation is a clear indication that, despite OCR’s continued efforts to bring about HIPAA compliance, widespread indifference to safeguarding patients’ protected health information persists.
Skagit County has been cooperating with OCR by implementing a corrective action plan to ensure that policies and procedures are put in place, documentation requirements are met, and training and other measures are undertaken to comply with the HIPAA Rules. Nevertheless, such an incident could have been entirely avoided had the county employed a simple yet comprehensive security solution like Aegify Security Posture Management or Aegify SecureGRC.