Posts Tagged ‘privacy rule’

New Report Finds HIPAA Privacy Rule Is Ineffective As Written

Wednesday, February 4th, 2009

Today the Institute of Medicine (IOM) released a report, “Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research“…

(more…)

FTC Applies GLBA & FTC Act Sanctions To Mortgage Lender

Monday, November 10th, 2008

I anticipate that with the big $700 billion “rescue” plan the government is going to continue the increased compliance activities…

(more…)

HIPAA Compliance During Emergencies and Disasters

Tuesday, October 7th, 2008

Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…

(more…)

More On The HHS HIPAA Compliance Activities

Friday, May 23rd, 2008

Today I communicated with Sue Marquette Poremba at SC Magazine for an article she published this afternoon, “Proliferating HIPAA complaints and medical record breaches
She had seen my blog posting from yesterday, “HIPAA Complaints And Associated Resolutions Since 2003” and asked me some follow-up questions.
Here is the full reply I sent to her, much of which she used within her article, but with some other points I want to note as well…

(more…)

HIPAA Complaints And Associated Resolutions Since 2003

Thursday, May 22nd, 2008

The U.S. Health Insurance Portability and Accountability Act (HIPAA) has required compliance from covered entities (CEs) since 2003. The Department of Health and Human Services (HHS) is the Federal agency with regulatory oversight for compliance; with the Office of Civil Rights (OCR) responsible for Privacy Rule enforcement and the Centers for Medicare and Medicaid Services (CMS) responsible for Security Rule enforcement. Why two different offices to perform enforcement activities? No good reason was ever given.
I was just out looking on the HHS’s HIPAA compliance and enforcement site.
On May 12, 2008, they provided some interesting statistics from their enforcement activities from the past 5 years. Looks like they love Excel and the graphing capabilities! 🙂 I want to share some of the statistics with you…

(more…)

CMS Announces Plans To Actively Audit Hospitals For HIPAA Compliance

Monday, January 21st, 2008

The U.S. Centers for Medicare and Medicaid Services (CMS) announced last week that they plan to audit 10 – 20 hospitals for HIPAA compliance in the next 9 months according to a Government Health IT article.

(more…)

CMS Hires A Fox To Guard The HIPAA Henhouse

Tuesday, January 15th, 2008

I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.

(more…)

FTC Fines Mortgage Co. For Tossing PII Into Dumpster: FACTA/FCRA, GLBA, & FTC Act Violations

Wednesday, December 26th, 2007

On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster.
Under the terms of the penalty, American United Mortgage Company must:

(more…)

HIPAA, The Insider Threat & Prison Time

Thursday, October 11th, 2007

It seems there are more and more stories related to patient privacy and HIPAA popping up lately. Today another story caught my eye related to them.

(more…)

Another Hospital Suspends Staff For Violating HIPAA Requirements

Wednesday, October 10th, 2007

A couple of weeks ago I blogged about the Ivinson Memorial Hospital applying sanctions to their staff for violating HIPAA requirements.
They have set a good example…another hospital has also applied sanctions…suspending 27 of their staff members for violating HIPAA requirements.

(more…)