Friday, September 9, 2011

Top HIPAA Privacy and Security Rule Violation Investigations

The U.S. Department of Health and Human Services Office for Civil Rights (HHS/OCR) has just released its "Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance".

A highlight of the report is the summary of complaints received by HHS/OCR of alleged violations of the HIPAA privacy and security rules.

Privacy Rule
The most frequently investigated Security Rule compliance issues are:
  • impermissible uses and disclosures of PHI
  • lack of safeguards of PHI
  • denial of individuals’ access to their PHI
  • uses or disclosures of more than the minimum necessary PHI
  • inability of individuals to file complaints with covered entities
Download a white paper on HIPAA Privacy Rule breach detection as a service. Learn about a service that proactively identifies impermissible uses and disclosures of PHI, even by authorized users - with no hardware and no on-site software.
Security Rule
The most frequently investigated Security Rule compliance issues are:
  • failure to demonstrate adequate policies and procedures or safeguards to address: response and reporting of security incidents
  • security awareness and training
  • access controls
  • information access management
  • workstation security
Covered Entities Required to Take Corrective Action
The most common types of covered entities that have been required to take corrective action, are:
  • private practices
  • general hospitals
  • outpatient facilities
  • health plans
  • pharmacies
NOTE: for most HIPAA covered entities, compliance with the Privacy Rule was required by April 14, 2003, and compliance with the Security Rule by April 20, 2005.

Sources:
(a) Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance For Calendar Years 2009 and 2010 - U.S. Department of Health and Human Services' Office for Civil Rights, September, 2011


No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.