In its annual report to Congress, the Office for Civil Rights (OCR) said it is developing audit protocol to conduct audits of up to 145 covered entities in an ongoing effort to enforce the privacy and security rules of HIPAA. The Office for Civil Rights of the Department of Health and Human Services (HHS) is [...]
Read the rest of this entry »
The Department of Health and Human Services (HHS) is currently receiving public commentary on a proposed rule to expand the right of individuals to demand and receive "access reports" identifying who accessed their protected health information and why. Under the Health Insurance Accountability and Portability Act (HIPAA) of 1996, individuals currently have a right to [...]
Read the rest of this entry »The Department of Health and Human Services (HHS) is aiming to release its long-awaited (and consolidated) Final Rule on the HIPAA privacy and security rules by the end of 2011, it was announced by Susan McAndrew, deputy director in the HHS Office for Civil Rights (OCR). The revamped regulations for the privacy and security rules [...]
Read the rest of this entry »The Office of Civil Rights (OCR), the unit of the Department of Health and Human Services (HHS) responsible for monitoring health information breaches, recently reported that the total number of Americans affected by large data breaches has surpassed 10 million individuals. With the enactment of the Health Information Technology for Economic and Clinical Health Act [...]
Read the rest of this entry »The Department of Health and Human Services (HHS), despite a health industry outcry, has forwarded to the Office of Management and Budget (OMB) a proposed rule allowing patients to request information about the disclosure of their protected health information (PHI). An OMB review can take anywhere from one to 90 days to complete. After that, [...]
Read the rest of this entry »Though on Aug. 4 it withdrew its Interim Final Rule regarding HIPAA security breach notifications, the Department of Health and Human Services (HHS) has since clarified on its Web site that the suspended rule of Sept. 23, 2009, remains in effect. "This is a complex issue and the Administration is committed to ensuring that individuals’ [...]
Read the rest of this entry »Coming under criticism for allowing covered entities (in this case, those health care providers and others who maintain health records) to police themselves in matters of maintaining the privacy of Protected Health Information (PHI), the Department of Health and Human Services (HHS) has withdrawn its breach rule of September 2009. The already-in-effect interim final rule, [...]
Read the rest of this entry »Though HITECH (the Health Information Technology for Economic and Clinical Health act) took full effect this past Feb. 17, provisions regarding business associates were still vague, as we noted at the time. Now, the Office of Civil Rights (OCR) in the Department of Health and Human Services (HHS), the law’s oversight agency, is promising to [...]
Read the rest of this entry »As required by law, the Department of Health and Human Services (HHS) has begun publicly listing breaches of private health information (PHI), generally in medical records, when the breach totals 500 or more individuals. Though breach notification rules under HITECH (Health Information Technology for Economic and Clinical Health Act) went into effect in September 2009, a [...]
Read the rest of this entry »Provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the stimulus package passed in February, created new security and breach rules for those covered by HIPAA (the Health Insurance Portability and Accountability Act of 1996), but afforded everyone a six-month window to achieve full compliance that runs into 2010. [...]
Read the rest of this entry »