On March 6, 2014, the Department of Health and Human Services’ Office for Civil Rights settled potential HIPAA violations with the Skagit County Public Health Department in Washington State for $215,000. Initially, OCR’s investigation focused on potential access of seven individuals’ ePHI on a public County server, which included ePHI related to infectious disease testing and treatment. The investigation later revealed ePHI of approximately 1,600 individuals to be at issue. The settlement not only addresses the improper access, but also the County’s failure to issue proper breach notices and to maintain adequate security measures, going back to as early as 2005. This first settlement with a county government clearly emphasizes the importance of HIPAA compliance in both the private and public sector, and not only in the area of breach reporting, but in maintaining and enforcing proactive policies and procedures.