To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues…including significant information security and privacy vulnerabilities…dangerously unknown…

CMS criticized for lax enforcement of HIPAA security rules: Agency officials disputed the OIG findings but agreed to enhance compliance-assurance activities.

Tags: awareness and training, CMS, compliance, HIPAA, Information Security, IT compliance, IT training, patient privacy, policies and procedures, privacy training, risk management, security training

This entry was posted on Tuesday, November 18th, 2008 at 7:59 pm and is filed under Information Security, Laws & Regulations, Privacy and Compliance. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.