Category Archives: Health Information Privacy

HIPAA Security Rule Enforcement Not Yet Meeting Federal Requirements

A recent Office of the Inspector General (OIG) Report reviews progress made by the Office for Civil Rights (OCR) toward enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule following the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) amendments. The OIG found OCR enforcement to be meeting Federal HIPAA requirements in some key areas, but to be wanting in others.

OCR enforcement activities meeting Federal requirements include: (1) making available guidance promoting compliance with the Security Rule; (2) the investigation process for responding to reported Security Rule violations; and (3) proper application of penalties for covered entities found in violation of the Security Rule.

Office of Inspector General Issues Strategic Plan

The Office of the Inspector General (“OIG”) issued a 2014-2018 strategic plan outlining the visions, goals, and priorities of that office for the next several years. The plan sets forth four goals: 1. Fight fraud, waste and abuse; 2. Promote quality, safety, and value; 3. Secure the future; and 4. Advance excellence and innovation. Each goal is identified with several priority areas that support it. The report can be found at the OIG’s website: http://go.us.gov/WdbV

HIPAA Violation Carries Jail Time

A former Florida nursing assistant pleaded guilty to wrongfully disclosing protected health information of residents in an assisted living facility. Denetria Barnes and Jakiel Bazart stole HIPAA-protected records and sold the individuals’ names, birth dates and Social Security numbers. An undercover sting with the cooperation of a number of law enforcement agencies caught the pair attempting to sell information for approximately 400 individuals for $15,000. A Florida district court judge has ordered restitution of $12,000 and a sentence of 37 months in prison followed by 3 years of supervised release.

More information can be found at the US Department of Justice website http://www.justice.gov.

HITECH Compliance Deadline for Protected Health Information is Almost Here

The Health Information Technology for Economic and Clinical Health (HITECH) Act’s compliance deadline for its HIPAA amendments is just around the corner. On September 23, 2013, the Department of Health and Human Services (HHS) will require covered entities, including most health care providers, and many of their business associates to meet the new Privacy Rule, Security Rule, and Breach Notification requirements for protected health information (PHI). In preparation, covered entities and business associates should have updated policies, procedures, and business associate agreements, as well as trained employees on the new rules. Business associate agreements created, modified, or renewed on or after January 25, 2013 must be compliant by September 23, while agreements existing before January 25 that have not been subsequently renewed or modified must be compliant by September 22, 2014.

Spring Cleaning – Dust Off Your Compliance Program Manual and Take Some Practical Steps to Reinvigorate Your Program.

Compliance program fatigue is nothing new. Over at least the last 15 years, health care organizations have jumped in head first, put together detailed manuals and taken the plunge. However, reimbursement cuts, quality initiatives, RACs, ZPICs, whistleblowers, physical plant renovations and, quite simply, significant industry challenges got in the way of sustaining an efficient and effective compliance effort. Health care organizations have also become desensitized to the barrage of compliance education, enforcement press releases, audits and reviews and other shock-value communications on the importance of regulatory compliance. In that vein, this very article may get lost in the shuffle, although we hope it doesn’t.

An efficient and effective compliance effort within your organization is extremely important, if only as an insurance policy against government scrutiny. Additionally, the Patient Protection and Affordable Care Act of 2010, H.R. 3590 (“ACA”) includes requirements that CMS implement mandatory compliance program requirements for all providers and suppliers. In a distinct section of ACA, nursing home mandatory compliance programs were given a specific implementation timeline.