In every practice’s nightmare come true, the Alaska Department of Health and Human Services had one misstep that sparked a full-blown audit – exposing all manner of skeletons in their electronic medical records system’s closet.
It started with a portable electronic storage device (or USB hard drive) getting stolen out of the vehicle of an employee of the Alaska DHHS. The USB potentially contained protected health information, and the Department of Health and Human Services’ Office of Civil Rights launched a thorough investigation of the Alaska DHHS to determine whether they were up to date on all current security precautions for their electronic medical systems.
The investigation uncovered, among other things, that the Alaska DHHS had not performed an acceptable security risk assessment on their system. Additionally, they had not implemented sufficient risk management measures, had not completed security training for Alaska DHSS workforce members, and had not implemented device and media controls.
“Covered entities must perform a full and comprehensive risk assessment and have in place meaningful access controls to safeguard hardware and portable devices,” OCR director Leon Rodriguez said in a statement.
After all was said and done, the Alaska DHHS settled for $1.7 million – a shockingly high number which will likely serve as a wake-up call for every practice putting off their security risk assessment or thinking they can get by with a less comprehensive test because they don’t think they will ever get audited.
With the first installment of Meaningful Use payments coming to an end this year (2012), practices are focused on how to ensure their full incentive payment. But as audits are being performed more frequently, and with that number expected to rise even more with the implementation of the Affordable Care Act (aka “Obamacare”) over the next few years, incentive payments seem to pale in comparison to these debilitating fines for non-compliance.
Here at DataFile, we offer a comprehensive security risk analysis that not only helps you check some of the measures on your Meaningful Use attestation, but also ensures you are audit-proof in the event of an investigation – no matter how intensive.
If your practice has been putting off performing a security risk assessment, stop waiting – you never know when a surprise visit from the OCR could have you shelling out massive fine payments. Contact us online or call one of our experts at DataFile at 816.437.9134 to find out more.