County Government Settles Potential HIPAA Violations

Skagit County, Washington recently agreed to a $215,000 settlement, as well as agreeing to correct deficiencies in its HIPAA compliance program, with the Health and Human Services Office for Civil Rights (“OCR”).  The Skagit County Public Health Department provides medical services to many individuals in the county, which is home to approximately 118,000 residents. 

OCR opened an investigation when it received a breach report that the electronic protected health information of seven individuals was accessed by unknown parties after it had accidently been placed on a publicly accessible computer server.  OCR’s investigation revealed broader exposure of electronic protected health information of 1,581 individuals involved in the incident and widespread non-compliance by Skagit County with HIPAA.  A copy of the Resolution Agreement between OCR and Skagit County can be found here.

This case is the first settlement between OCR and a county government.

~Submitted by Z Cohen