I’ve been reading so much about HIPAA lately; no enforcement actions yet, but a lot of changes, proposals and initiatives.
Two more I read about recently:
Posts Tagged ‘security rule’
HIPAA: More Changes and Initiatives by HHS
Thursday, April 26th, 2007HIPAA: Advisory Workgroup Proposes PHI Security and Privacy Requirements Should Apply to All Organizations
Monday, April 23rd, 2007The Department of Health and Human Services (HHS) has a Confidentiality, Privacy, and Security Workgroup, also known as the American Health Information Community, that is made up of practitioners, IT folks, lawyers and other leaders outside of the government who want a say in how protected health information (PHI) is safeguarded, shared, and otherwise handled.
Admitted HIPAA Noncompliance at UPMC: Penalties Must Be Applied to Make Laws Effective
Monday, April 16th, 2007On April 13 the Pittsburgh Tribune-Review reported that the University of Pittsburgh Medical Center (UPMC) admitted to using the records of 80 patients, including names and Social Security numbers, for a presentation they made at a 2002 symposium, in violation of the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA Security Rule and Privacy Rule Enforcement Reportedly Going To Be Pursued In 2007
Monday, April 9th, 2007Something that has bothered me, and many others, for a very long time is how there have been absolutely no enforcement actions for the Health Insurance Portability and Accountability Act (HIPAA) privacy rule or security rule since they went into effect. Passing a law and then not doing anything to enforce it, even after the enforcement agencies have received tens of thousands of complaints reporting noncompliance, makes the law weak and prone to disregard by covered entities (CEs) who see others getting away with noncompliance with just a, “Whoops! Sorry, we’ll try to fix that.”