Health Information Management

GAO: OCR behind in issuing guidance, lacks future plan for HITECH audits

HIM-HIPAA Insider, July 9, 2012

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

OCR is behind on issuing required guidance and implementing required oversight capabilities for Medicare beneficiaries’ prescription drug use information when used for purposes other than direct clinical care, according to a June report issued by an internal government watchdog.

The Government Accountability Office (GAO) reported that OCR, HIPAA privacy and security enforcer, has established a framework in this arena through regulations, outreach and enforcement activities.

However, the privacy and security regulators have not issued required implementation guidance to assist entities in de-identifying personal health information including when it is used for purposes other than directly providing clinical care to an individual.

“This means ensuring that data cannot be linked to a particular individual, either by removing certain unique identifiers or by applying a statistical method to ensure that the risk is very small that an individual could be identified,” according to a GAO report on its website.

Editor’s note: Click here to read more.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular