Keep a close eye on privacy when preparing for security enforcement
HIPAA Weekly Advisor, September 28, 2003
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
The Office for Civil Rights (OCR) won't enforce HIPAA's security rule, but security enforcement will be very similar to the process OCR uses for privacy.
CMS created the Office of HIPAA Standards (OHS) to enforce and develop HIPAA regulations for which the agency is responsible. These regulations include security, transactions and code sets, and identifiers. OCR and OHS will both have a complaint-based enforcement process and will coordinate very closely on overlapping issues, says Karen Trudel, deputy director of OHS.
The enforcement approach isn't the only similarity. A privacy violation could also lead to a security violation. "Just from a common sense perspective, most security complaints that are filed will have a privacy component," says Trudel.
"People will be more likely to submit a complaint when information is inappropriately disclosed. Just the fact that a doctor's office doesn't have password protection on a personal computer will not cause someone to submit a complaint," she says. "They'll probably be driven to [file a complaint] by being harmed by that lack of password protection."
Go to http://www.himinfo.com/news/feature.cfm?content_id=34975 to read more.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- Identify potential Medicaid RAC target areas
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched