On December 8th, the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) released a statement saying that Anchorage Community Mental Health Services (ACMHS) has agreed to pay a $150,000 fine as a result of its non-compliance case, which was one of the largest fines paid out this year. In 2005, following a tip from ACMHS about a breach in the facility's security protecting ePHI, HHS-OCR launched an investigation.
The breach was caused by a malware infection, which affected 2,743 individuals and compromised the security of their sensitive information. A case was brought against the facility because the breach could easily have been avoided had ACMHS followed the ePHI security guidelines outlined in HIPAA. ACMHS readily agreed to pay the settlement fine, to adopt a corrective action plan to correct deficiencies in its HIPAA compliance program, and to report to HHS-OCR on the state of its compliance for two years.
Compliance with the HIPAA Security Rule requires organizations to assess any possible risks to their ePHI on a regular basis. This is because policies and procedures can change, and any changes must be put into effect to maintain compliance.
This case was posted as a warning to other companies that handle and store any PHI data. Failure to maintain compliance with HIPAA guidelines can result in hefty fines as well as bad publicity for your business. If you're unsure about your company's compliance stance, consult a professional firm such as All Point Compliance. With their help, you can ensure your company or business stays compliant with the HIPAA guidelines, avoiding any accidental non-compliance fines. Contact us today for more information.