Sunday, May 22, 2011

More Hospital Audits to Find HIPAA Security Rule Violations

Recommendation of Report by Inspector General for Health and Human Services

More government audits of hospitals and increased enforcement of the HIPAA Security Rule were the chief recommendations of the Office of the Inspector General (OIG) in its report on the Department of Health and Human Services' Office for Civil Rights (HHS/OCR).

According to the OIG report, HHS/OCR oversight and enforcement actions were insufficient to ensure hospitals effectively implement the HIPAA Security Rule. As a result, the government had limited assurance that controls were in place and operating as intended to protect electronic protected health information (ePHI), thereby leaving ePHI vulnerable to attack and compromise.
"Outsiders or employees at some hospitals could have accessed, and at one hospital did access, systems and beneficiaries’ personal data and performed unauthorized acts without the hospitals’ knowledge." - Daniel R. Levinson, Inspector General of HHS
The report is based on seven audits of hospitals in California, Georgia, Illinois, Massachusetts, Missouri, New York, and Texas. These audits focused primarily on the hospitals’ implementation of the HIPAA Security Rule, including the policies and procedures developed and implemented for the security measures to protect the confidentiality, integrity, and availability of ePHI.

Audit Found 151 High Impact Vulnerabilities
The OIG's audits identified 151 vulnerabilities, of which 124 were determined to be high impact, meaning they could significantly violate, harm, or impede the hospital's mission, reputation, and interest, or result in human death or serious injury.

While each of the hospitals had implemented some controls to protect ePHI from improper alteration or destruction, none had sufficiently implemented the administrative, technical, and physical safeguard provisions of the Security Rule.

For the OIG's complete report, see: Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight

Sources:
(a) Press Release - HHS Office of Inspector General, May 16, 2011
(b) Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight - HHS Office of Inspector General, May 16, 2011



Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.
