Category Archives: Health Information Privacy

HIPAA Security Rule Enforcement Not Yet Meeting Federal Requirements

A recent Office of the Inspector General (OIG) Report reviews progress made by the Office for Civil Rights (OCR) toward enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule following the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) amendments. The OIG found OCR enforcement to be meeting Federal HIPAA requirements in some key areas, but to be wanting in others.

OCR enforcement activities meeting Federal requirements include (1) making available guidance promoting compliance with the Security Rule; (2) the investigation process for responding to reported Security Rule violations; and (3) proper application of penalties for covered entities found in violation of the Security Rule.

Office of Inspector General Issues Strategic Plan

The Office of the Inspector General (“OIG”) issued a 2014-2018 strategic plan outlining the visions, goals, and priorities of that office for the upcoming several years. The plan sets forth four goals: 1. Fight fraud, waste and abuse; 2. Promote quality, safety, and value; 3. Secure the future; and 4. Advance excellence and innovation. Each goal is identified with several priority areas that support the stated goal. The report can be found at the OIG’s website http://go.us.gov/WdbV

HIPAA Violation Carries Jail Time

A former Florida nursing assistant pleaded guilty to wrongfully disclosing protected health information of residents in an assisted living facility. Denetria Barnes and Jakiel Bazart stole HIPAA-protected records and sold the individuals’ names, birth dates and Social Security numbers. An undercover sting with the cooperation of a number of law enforcement agencies caught the pair attempting to sell information for approximately 400 individuals for $15,000. A Florida district court judge has ordered restitution of $12,000 and a sentence of 37 months in prison, followed by 3 years of supervised release.

More information can be found at the US Department of Justice website http://www.justice.gov.

HITECH Compliance Deadline for Protected Health Information is Almost Here

The Health Information Technology for Economic and Clinical Health (HITECH) Act’s compliance deadline for its HIPAA amendments is just around the corner. On September 23, 2013, the Department of Health and Human Services (HHS) will require covered entities, including most health care providers, and many of their business associates to meet the new Privacy Rule, Security Rule, and Breach Notification requirements for protected health information (PHI). In preparation, covered entities and business associates should have updated policies, procedures, and business associate agreements, as well as trained employees on the new rules. Business associate agreements created, modified, or renewed on or after January 25, 2013 must be compliant by September 23, while agreements existing before January 25 that have not been subsequently renewed or modified must be compliant by September 22, 2014.