The U.S. Department of Health and Human Services ("HHS") recently entered into a Resolution Agreement with Providence Health & Services ("Providence") of Seattle to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") Privacy and Security Rules. Under the Resolution Agreement, Providence agrees to pay $100,000 and implement a corrective action plan to insure that identifiable electronic patient information is appropriately safeguarded. Additionally, Providence has agreed to revise its policies and procedures regarding physical and technical safeguards governing the offsite transport and storage of electronic media containing patient information; train its workforce members on such safeguards; conduct audits and site visits of its facilities; and submit compliance reports to HHS for a period of three years. The Resolution Agreement relates to the loss of electronic backup media and laptop computers in 2005 and 2006.
For additional information, please see the HHS Press Release and the full text of the Resolution Agreement.