HHS slaps provider with $150K bill for HIPAA breach

Anchorage Community Mental Health Services in Alaska will pay $150,000 to the Department of Health and Human Services (HHS) to settle potential HIPAA violations. The organization failed to patch their systems and ran outdated software, leading to a data breach affecting 2,743 individuals. The investigation by the HHS found that the organization had adopted HIPAA security policies, but employees did not follow them from 2005 to 2012. Anchorage Community Mental Health Services will also be required to implement a corrective action plan and report to the HHS on its compliance program.