Posts Tagged ‘CMS’

CMS Gets Heat Over Not Actively Enforcing HIPAA

Tuesday, November 18th, 2008

To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues…including significant information security and privacy vulnerabilities…dangerously unknown…

(more…)

Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance

Thursday, October 30th, 2008

This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing its Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.

(more…)

More On The HHS HIPAA Compliance Activities

Friday, May 23rd, 2008

Today I communicated with Sue Marquette Poremba at SC Magazine for an article she published this afternoon, “Proliferating HIPAA complaints and medical record breaches.”
She had seen my blog posting from yesterday, “HIPAA Complaints And Associated Resolutions Since 2003” and asked me some follow-up questions.
Here is the full reply I sent to her, much of which she used within her article, but with some other points I want to note as well…

(more…)

HIPAA Complaints And Associated Resolutions Since 2003

Thursday, May 22nd, 2008

The U.S. Health Insurance Portability and Accountability Act (HIPAA) has required compliance from covered entities (CEs) since 2003. The Department of Health and Human Services (HHS) is the Federal agency with regulatory oversight for compliance, with the Office of Civil Rights (OCR) responsible for Privacy Rule enforcement and the Centers for Medicare and Medicaid Services (CMS) responsible for Security Rule enforcement. Why two different offices to perform enforcement activities? No good reason was ever given.
I was just out looking on the HHS’s HIPAA compliance and enforcement site.
On May 12, 2008, they provided some interesting statistics from their enforcement activities from the past 5 years. Looks like they love Excel and the graphing capabilities! 🙂 I want to share some of the statistics with you…

(more…)

New HIPAA Security Information on the CMS website

Tuesday, February 26th, 2008

I just got a notice from the U.S. Department of Health and Human Services (HHS)…
New HIPAA Security Information on the CMS website

(more…)

CMS Announces Plans To Actively Audit Hospitals For HIPAA Compliance

Monday, January 21st, 2008

The U.S. Centers for Medicare and Medicaid Services (CMS) announced last week that they plan to audit 10 – 20 hospitals for HIPAA compliance in the next 9 months, according to a Government Health IT article.

(more…)

CMS Hires A Fox To Guard The HIPAA Henhouse

Tuesday, January 15th, 2008

I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.

(more…)

A Hospital Actively Enforcing HIPAA Requirements!

Saturday, September 29th, 2007

It is great to see a story published about a hospital, actually any type of organization that is a covered entity (CE), that is actively and seriously trying to be in compliance with HIPAA requirements.

(more…)

The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?

Wednesday, September 12th, 2007

Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… 🙂
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.

(more…)