Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…
Posts Tagged ‘OCR’
HIPAA Compliance During Emergencies and Disasters
Tuesday, October 7th, 2008More On The HHS HIPAA Compliance Activities
Friday, May 23rd, 2008Today I communicated with Sue Marquette Poremba at SC Magazine for an article she published this afternoon, “Proliferating HIPAA complaints and medical record breaches”
She had seen my blog posting from yesterday, “HIPAA Complaints And Associated Resolutions Since 2003” and asked me some follow-up questions.
Here is the full reply I sent to her, much of which she used within her article, but with some other points I want to note as well…
HIPAA Complaints And Associated Resolutions Since 2003
Thursday, May 22nd, 2008The U.S. Health Insurance Portability and Accountability Act (HIPAA) has required compliance from covered entities (CEs) since 2003. The Department of Health and Human Services (HHS) is the Federal agency with regulatory oversight for compliance; with the Office of Civil Rights (OCR) responsible for Privacy Rule enforcement and the Centers for Medicare and Medicaid Services (CMS) responsible for Security Rule enforcement. Why two different offices to perform enforcement activities? No good reason was ever given.
I was just out looking on the HHS’s HIPAA compliance and enforcement site.
On May 12, 2008, they provided some interesting statistics from their enforcement activities from the past 5 years. Looks like they love Excel and the graphing capabilities! 🙂 I want to share some of the statistics with you…
CMS Hires A Fox To Guard The HIPAA Henhouse
Tuesday, January 15th, 2008I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.
A Hospital Actively Enforcing HIPAA Requirements!
Saturday, September 29th, 2007It is great to see a story published about a hospital, actually any type of organization that is a covered entity (CE), that is actively and seriously trying to be in compliance with HIPAA requirements.
The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?
Wednesday, September 12th, 2007Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… 🙂
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
HIPAA Violation in Divorce Proceeding?
Friday, July 13th, 2007HIPAA: More Changes and Initiatives by HHS
Thursday, April 26th, 2007I’ve been reading so much about HIPAA lately; no enforcement actions yet, but a lot of changes, proposals and initiatives.
Two more I read about recently:
