Some of the most sensitive PHI data is housed at local health departments. With that said, having strict guidelines, security measures, etc is paramount to serving public health.
A few months ago, Alaska Department of Health and Human Services (DHHS) agreed to pay the U.S. Department of Health and Human Services’ (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. Alaska also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information.
OCR’s investigation followed a breach report submitted by Alaska DHHS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The report indicated that a portable electronic storage device (USB hard drive) possibly was stolen from the vehicle of a DHHS computer technician potentially containing electronic protected health information (e-PHI) on or about October 12, 2009.