• HHS conducted it’s first-ever, on-site inspection for HIPAA compliance in March 2007 at Piedmont Hospital in Atlanta, Georgia.
• In 2007 HHS granted new and expanded subpoena authority to the Office for Civil Rights to use in HIPAA violation investigations.
• As of 2009, over 400 cases have now been referred to the US Department of Justice over possible criminal violations of HIPAA.
• The 2009 HITECH Act, part of the ARRA, expanded HIPAA investigations and enforcement, to include, for the first time, mandatory investigations and penalties for cases involving “willful neglect”.
• HHS re-delegated HIPAA Security enforcement in August 2009, moving it from the CMS to the OCR. The OCR now handles investigations and enforcement for both the Privacy and Security Rules.
• Announced August 2009, HHS is hiring more investigators to accommodate the growing number of complaints and it’s new, combined Privacy and Security enforcement duties.

Combine these with the ever-growing number of breaches, and the ARRA changes to HIPAA enforcement, and you have an blossoming enforcement situation every Covered Entity (CE) and Business Associate (BA) should be concerned about.

CEa and BAa simply must get their HIPAA “ducks in a row” as we approach 2010. The major provisions of the ARRA and the HITECH Act kick in on February 18th 2010, and HIPAA enforcement will continue to heat up. Be ready and be careful!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Whether it’s from stolen laptops, rogue wi-fi hotspots, employee snooping, or determined hackers, data breaches and losses are skyrocketing. The problem is so acute, that even organizations that track data breaches are amazed at the scope of the data breach problem.

Medical Records Have Financial Value to Criminals

Why is this happening in such a big way? The answer is money. Medical records, and other comprehensive personal records like mortgage applications, have financial value to criminals. Criminals buy and sell people’s personal records on underground websites and channels because those records are used to create false identities and commit fraud.

The attractiveness of medical records to criminals is one of the main reasons why the HIPAA regulations require such strong protections for PHI. Covered Entities think their records are just paper. But to criminals, medical records are gold.

Foreign crime syndicates see the potential payoff from I.D. theft. And even common street gangs are, in some cases, turning away from drugs and prostitution and moving into I.D. theft.

HIPAA Requirements are Only a Starting Point

Remember, HIPAA’s Privacy and Security Rule requirements are only a minimum “floor” of protection that every entity should have in place no matter what. It also takes effective training, awareness of how criminals work, and due diligence to prevent data breaches. And you can be sure of one thing: prevention is easier and much, much cheaper than dealing with a data breach. Be careful!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.