Health Information Management

OCR fines behavioral health service $150,000

HIM-HIPAA Insider, December 22, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

The Office for Civil Rights (OCR) announced December 8 that it fined an Alaska behavioral health service $150,000 for potential HIPAA violations, according to a press release.

 
OCR entered into a resolution agreement with Anchorage Community Mental Health Services (ACMHS), a nonprofit behavioral healthcare service. On March 12, 2012, ACMHS notified OCR of a breach affecting 2,743 individuals. The breach was the result of malware that compromised the security systems of the behavioral healthcare provider, according to OCR.
 
The resolution agreement states that ACMHS failed to:
  • Conduct an accurate and thorough risk assessment of ePHI from April 21, 2005, through March 12, 2012
  • Implement security policies and procedures to reduce risks and vulnerabilities to ePHI from April 21, 2005, through March 12, 2012
  • Implement technical security measures to safeguard against unauthorized access to ePHI by failing to ensure firewalls were in place and that information technology resources were supported and updated with patches from January 1, 2008, through March 29, 2012
In addition to the monetary settlement, as part of the corrective action plan with OCR, ACMHS agreed to:
  • Provide an updated version of its security policies and procedures
  • Adopt a revised version of OCR-approved security policies and procedures
  • Distribute revised security policies and procedures to workforce members who work with ePHI and provide security awareness training
  • Obtain signed written or electronic initial compliance certification from all workforce members stating that they read, understand, and will abide by security policies and procedures
This article originally appeared on HCPro’s HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular