• E-mail
• Print
• RSS

Privacy group comments on first installment of enforcement rule

HIPAA Weekly Advisor, July 11, 2003

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The Office for Civil Rights (OCR) should monitor HIPAA compliance, rather than rely on complaints, and the person whose privacy is violated should be more involved in the enforcement process, the Health Privacy Project (HPP) said June 16 in a letter to CMS Administrator Thomas A. Scully.

"The approach of the interim final rule, because it depends exclusively on consumers to be knowledgeable about what constitutes a violation of the rules and about the process for reporting such violations, is an abrogation of the Secretary's duty under the statute to enforce the law and is an ineffective tool for ensuring that entities covered by the rules are adequately protecting the confidentiality of sensitive medical information in their possession," wrote the Georgetown University group.

If OCR does use complaints as the sole or primary means for investigating violations, HHS should include a requirement in the enforcement rule for an annual accounting of complaints filed with HHS and provide information on how complaints have been resolved, the group said.

The HPP also suggested OCR accept testimony or a written statement from individuals whose privacy is violated, and that covered entities provide individuals with notice of that right.

Go to http://www.healthprivacy.org and look under "More News" to read the letter.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive