OIG calls CMS out for lack of action in HIPAA enforcement
Healthcare Auditing Weekly, November 4, 2008
The OIG blasted CMS for its limited enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in an October 27 report. http://oig.hhs.gov/oas/reports/region4/40705064.pdf
In October 2003, the Department of Health and Human Services gave CMS authority to:
- Interpret, implement, and enforce the HIPAA Security Rule provisions
- Conduct compliance reviews and to investigate and resolve complaints of HIPAA Security Rule noncompliance
- Impose civil monetary penalties for a covered entity’s failure to comply with the HIPAA Security Rule provisions
After a recent review, the OIG concluded CMS has “taken limited action to ensure that covered entities adequately implement the HIPAA Security Rule.” The report revealed CMS has not conducted a compliance review of covered entities. The report said CMS fulfilled its oversight responsibilities by relying on complaints to identify noncompliance. The OIG, however, found this process unproductive despite praising it as an “effective process for receiving, categorizing, tracking, and resolving complaints.”
The OIG also said in its report that CMS needs to “become proactive in overseeing and enforcing implementation of the HIPAA Security Rule by focusing on compliance reviews.” The OIG recommended CMS establish policies and procedures for conducting compliance reviews.
CMS disagreed with the OIG’s findings and with the OIG’s statement that its oversight process was ineffective, but agreed with the recommendation for more specific polices.
Comments
0 comments on “OIG calls CMS out for lack of action in HIPAA enforcement ”
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
HIPAA Handbook for Nutrition, Environmental Services, and Volunteer Staff:
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Registration and Front Office Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- Q&A: Acute respiratory failure diagnosis does not require intubation
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Oxygen Cylinder Storage Requirements
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Searched