OCR: The HIPAA enforcer?
HIM-HIPAA Insider, August 10, 2009
You know the "what" when it comes to HIPAA privacy and security enforcement: New federal laws this year include larger monetary fines, periodic audits, civil-suit authority to state attorneys general, and new HIPAA Security Rule compliance to business associates (BAs) of covered entities.
You now know the "who": The Office for Civil Rights (OCR), long the HIPAA Privacy Rule warden, inherits the security rule per a July 27 announcement by HHS Secretary Kathleen Sebelius.
But for covered entities, "when" and "how much" remain the bigger questions. When will this stepped-up enforcement arrive? And how regular will it be?
"I think the initial intent is to combine privacy and security investigations, audits, etc., in one division given [that] many security violations/breaches lead to privacy breaches," says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR. "It's logical that there be one enforcement shop for privacy and security. As far as what it means on the auditing side, that's likely not something we will know until next year."
Get more analysis on our HIPAA Update blog.
- Differentiate between types of wound debridement
- CMS seeks comment on quality measures
- Note similarities and differences between HCPCS, CPT® codes
- OB services: Coding inside and outside of the package
- Fracture coding in ICD-10-CM requires greater specificity
- Complications from immobility by body system
- ICD-10-CM coma, stroke codes require more specific documentation
- Hospital offers incentives for identifying incorrect patient status
- What to expect when coding CAD, MI with ICD-10-CM
- What does case-mix index mean to you?
- Average resident salary rises
- More new physicians taking advantage of debt forgiveness program
- Medical school awards scholarships to delay student enrollment
- Medical errors are the third leading cause of death: Now what?
- Learn how to hold staff accountable in a nonpunitive culture
- HIPAA Q&A: Level of encryption needed for email
- From the nurse manager's bookshelf: Patient classification systems
- Ensure appropriate use of soft restraints, drugs
- Consider this before arming your security officers
- Coding, billing, and documentation tips for teaching physicians, interns, residents, and students