The HHS Office for Civil Rights has fined Skagit County in Northwest Washington $215,000 for violations of the HIPAA privacy, security and breach notification rules.

The settlement, which includes a corrective action plan for Skagit County, is the first such action taken against a local government for HIPAA non-compliance. From about Sept. 14 to Sept. 28, 2011, the PHI of 1,581 individuals served by its public health department was disclosed because it was accessible on the county’s public Web server, according to the OCR. The county discovered the breach on Sept. 28 and first notified the OCR on Nov. 16, 2011. The OCR in turn notified the county on May 25, 2012 of an investigation of the breach.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access