Skagit County, Washington must pay the U.S. Department of Health and Human Services (HHS) $215,000. HHS investigated the County after learning that protected health information from the Skagit County Public Health Department was accessible through a public server.
The investigation revealed that sensitive information of over 1500 individuals was not properly secured on the County’s servers. The Department found that the County had a widespread non-compliance with privacy and security rules.
This case is the first settlement with a County government and shows that even government organizations must comply with HIPAA.