HHS' Annual Report on HIPAA Compliance Reveals Top Issues for Investigation

The U.S. Department of Health and Human Services' Office for Civil Rights has submitted a report (pdf) to Congress on HIPAA compliance that reveals the most common privacy compliance issue investigated from April 2003-Dec. 2010 was impermissible uses and disclosures of protected health information.

The "Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance For Calendar Years 2009 and 2010" summarizes compliance with HIPAA, complaints received by HHS of alleged violations of the HITECH Act or HIPAA rules and HHS' responses to complaints.

From April 2003, the compliance date of the HIPAA Privacy Rule, to Dec. 2010, the most common compliance issues with the Privacy Rule that the OCR investigated were the following, in order of frequency:

1. Impermissible uses and disclosures of PHI.
2. Lack of safeguards of PHI.
3. Denial of individuals' access to their PHI.
4. Uses or disclosures of more than the minimum necessary PHI.
5. Inability of individuals to file complaints with covered entities.

From April 2005, the compliance date of the HIPAA Security Rule, the most common areas for which entities failed to demonstrate adequate policies and procedures or safeguards, as required under the HIPAA Security Rule, include the following, listed by frequency:

1. Response and reporting of security incidents.
2. Security awareness and training.
3. Access controls.
4. Information access management.
5. Workstation security.

Related Articles on HIPAA:

HHS Reports Data Breaches of Protected Health Information in 2009-2010 to Congress
CMS Should Finalize Operating Rules for HIPAA Transaction Standards, AHA Says

Lag in HIPAA 5010 Preparation Does Not Bode Well for ICD-10


Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars