A stolen USB-stick containing citizens' personal data will cost Alaska's Department of Health and Social Services (Alaska DHSS) USD 1.7 million. It is one of the biggest fines ever given out for a violation of the HIPAA.
The investigation into the flash drive stolen from Alaska DHSS has come to an end after almost three years. The court instructed the state agency to pay USD 1.7 million for the compromise of citizens' personal data and the violation of the Health Insurance Portability and Accountability Act (HIPAA).
InfoWatch's analysis center recalls that the incident occurred in October 2009. The removable hard disk, which contained details of 501 Alaskan citizens, including social security number, medical information, address, telephone number and healthcare payment information, was stolen from the car of a system administrator for the Department. The investigation was not opened until a few months later, and legal proceedings dragged on for alomst three years. The USB-stick has not been found. In spite of the small number of records which were compromised, Alaska DHSS will pay almost USD 2 million due to the organization's inadequate security policy.
This is not the first time that a violation of the HIPPA has cost an organization a substantial sum. In 2011, Massachusetts General Hospital paid out USD 1 million following the compromise of medical documents belonging to 192 patients.
Nikolai Fedotov, chief analyst at InfoWatch notes that: «imposing fines on citizens, officials and commercial companies is effective. But there is a bigger question mark when it comes to government funded organizations.
Government funds will be shifted from one pot to another. Who will be worse off as a result? Who will learn the lesson? Particularly since three years have passed since the incident. It is worth remembering that the average length of time that an IT professional spends in the same job is two years. It is entirely likely that at the time the fine is paid, not one employee connected to the incident in question will still be working within the state agency».
