The U.S. Health Insurance Portability and Accountability Act (HIPAA) has required compliance from covered entities (CEs) since 2003. The Department of Health and Human Services (HHS) is the Federal agency with regulatory oversight for compliance; with the Office of Civil Rights (OCR) responsible for Privacy Rule enforcement and the Centers for Medicare and Medicaid Services (CMS) responsible for Security Rule enforcement. Why two different offices to perform enforcement activities? No good reason was ever given.
I was just out looking on the HHS’s HIPAA compliance and enforcement site.
On May 12, 2008, they provided some interesting statistics from their enforcement activities from the past 5 years. Looks like they love Excel and the graphing capabilities! 🙂 I want to share some of the statistics with you…
Posts Tagged ‘security rule’
HIPAA Complaints And Associated Resolutions Since 2003
Thursday, May 22nd, 2008New HIPAA Security Information on the CMS website
Tuesday, February 26th, 2008I just got a notice from the U.S. Department of Health and Human Services (HHS)…
New HIPAA Security Information on the CMS website
CMS Announces Plans To Actively Audit Hospitals For HIPAA Compliance
Monday, January 21st, 2008The U.S. Centers for Medicare and Medicaid Services (CMS) announced last week that they plan to audit 10 – 20 hospitals for HIPAA compliance in the next 9 months according to a Government Health IT article.
CMS Hires A Fox To Guard The HIPAA Henhouse
Tuesday, January 15th, 2008I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.
HIPAA, The Insider Threat & Prison Time
Thursday, October 11th, 2007It seems there are more and more stories related to patient privacy and HIPAA popping up lately. Today another story caught my eye related to them.
Another Hospital Suspends Staff For Violating HIPAA Requirements
Wednesday, October 10th, 2007A couple of weeks ago I blogged about the Ivinson Memorial Hospital applying sanctions to their staff for violating HIPAA requirements.
They have set a good example…another hospital has also applied sanctions…suspending 27 of their staff members for violating HIPAA requirements.
A Hospital Actively Enforcing HIPAA Requirements!
Saturday, September 29th, 2007It is great to see a story published about a hospital, actually any type of organization that is a covered entity (CE), that is actively and seriously trying to be in compliance with HIPAA requirements.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
HIPAA & 4 Lessons From an Insider Threat Example: Former Healthcare IT Manager Hacks Into System and Deletes PHI
Monday, September 10th, 2007There are so many ways in which bad things can happen with the authorized access personnel and business partners have to sensitive data, personally identifiable information (PII), and business systems. Many times the bad things that happen are a result of a lack of awareness of how to properly protect information, a result of mistakes, or a result of malicious intent. Here is just one more example to add to your file of actual insider threat incidents.
