Posts Tagged ‘HIPAA’

HIPAA Mobile and Remote Computing Security Guidance from CMS

Wednesday, January 10th, 2007

Today I received notice that the Centers for Medicare & Medicaid Services (CMS) just issued a new publication, “Security Guidance for Remote Use,” which is actually dated 12/28/2006.

“This document is intended to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of Electronic Protected Health Information (EPHI).”


Regulatory Compliance Actions Must Include Effective, ongoing Awareness and Training Efforts

Friday, December 29th, 2006

A great article was published on Law.com today written by Ryan Sulkin, “First Line of Defense Against Data Security Breaches: Employees.”
There are several points made that I hope business leaders read and take to heart.


Psychotherapy Notes Fiasco and HIPAA: Bad Legislation, Bad Enforcement, or Bad Covered Entity?

Thursday, December 28th, 2006

The Pittsburgh Post-Gazette ran an interesting story today, “Spread of records stirs fears of privacy erosion.”
Basically this describes the trials and tribulations of a woman who was denied disability benefits from her insurer following a car accident because of notes made by her psychologist. Reportedly the psychologist's notes were intermingled with her general medical records.


Medical Identity Theft and HIPAA

Friday, December 22nd, 2006

On Wednesday the Queens Gazette ran a report on medical identity theft.
This certainly is an issue of concern. I blogged about medical identity theft earlier this year.
Combining identity theft with unauthorized access to medical information certainly can lead to magnified repercussions beyond wrecked credit ratings and hundreds of hours spent trying to clean up all the damage a criminal can do with personally identifiable information (PII). The potential increases for further abusing and horribly impacting the involved individuals, mentally, physically and financially, by having access to their prescription information, insurance information, physician information, medical history, and everything else involved.


HIPAA: Report Shows Most Complaints Not Investigated

Monday, December 18th, 2006

Government Health IT published an interesting report today, “Most privacy complaints are not investigated.”
From the article:

“The Department of Health and Human Services investigated less than 25 percent of 22,964 privacy complaints submitted to HHS’ Office for Civil Rights (OCR) from April 2003 through September 2006”


The Impact of the New False Claims Act Guidelines on HIPAA Compliance

Wednesday, November 29th, 2006

A news report caught my eye, “HIPAA Enforcement Swings from Voluntary Compliance to Punishment for Violation of Privacy and Security Laws as States Join Federal Enforcement Under Federal Mandate.”


How the HIPAA Enforcement Rule Impacts the Compliance Efforts of Covered Entities

Wednesday, August 16th, 2006

In this episode, I speak with two highly experienced HIPAA compliance experts, Kevin Beaver and Brad Smith, to get their views and opinions about this much discussed but often debated regulation. In particular we discuss the relatively new HIPAA Administrative Simplification Enforcement Final Rule, and how it impacts providers and payers. We explore and try to determine what, if any, impact the HIPAA Enforcement Rule has on Covered Entities.

Instead of clarifying compliance enforcement issues for covered entities (CEs), the Enforcement Rule has seemed to confuse and mislead many CEs into believing that they really don’t need to do much with regard to HIPAA compliance unless the Department of Health and Human Services (HHS), the Office for Civil Rights (OCR) or the Centers for Medicare and Medicaid Services (CMS) come knocking at their door and tell them they specifically need to do something. 

Not all CEs are lackadaisical, though; Kevin, Brad and I discuss some of the CEs that have been very diligent in their HIPAA compliance efforts. However, we also discuss some examples of blatant disregard for HIPAA, and the resulting risks to organizations from such action. We also discuss the importance of addressing compliance through partnering information security, privacy, legal and compliance areas.



MP3: Rebecca Herold – How the HIPAA Enforcement Rule Impacts the Compliance Efforts of Covered Entities