As a longtime Alaska health care consultant I was shocked and appalled when I opened my email news feed from the U.S. Department of Health and Human Services today. Inside was the stunning story of the Alaska Department of Health and Social Services paying the feds to settle possible violations of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, dating from October 2009. Where are the Empire’s or other Alaskan newspaper’s journalists when a federal announcement reveals a stunning loss of public revenue to Alaskans to the tune of $1.7 million?
The stunning part to me is that these laws have been in force since 1996. That’s 16 years, folks. How long does it take for a state agency to comply with federal law? And have the people whose information was potentially released received any notice? You can read the DHHS enforcement agreement for yourself at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/alaska-agreeme...
So what we have is an employee who leaves a computer in a car, the computer gets stolen, and the state pays $1.7 million to settle the potential violation of the breach of a person (or persons) protected health information. Please tell me that there is someone minding the store. This is why state employees need to actually do their jobs and be held accountable to the citizenry of Alaska, instead of just taking home a paycheck. Who was the commissioner in 2009? I’m sure they won’t receive any fallout from this disastrous finding by the feds.
The Office of Civil Rights determined that the Alaska DHSS had not 1) completed a risk analysis; 2) implemented sufficient risk management measures; 3) completed security training for DHSS workforce members; 4) implemented device and media controls; and 5) addressed device and media encryption. Oh my goodness, what HAVE they been doing? Certainly not paying attention to federal law compliance.
I know I’ll hear back that this is a huge agency that has many difficult tasks at hand. That’s all well and good, but if we can’t even make sure that our largest government agency in Alaska is minding their operation, why should we all pay for the fallout? And why have a newspaper if they don’t report the news that matters to you and me? Let’s just hope the corrective action plan that DHSS has agreed to will not be violated as well. Otherwise they (oh wait, we) face more fines. Sign me — A Frustrated Alaskan
Freda Miller, CMA (AAMA), CPC, PCS)