• E-mail
• Print
• RSS

Impermissible use of PHI, lack of adequate safeguards top list of privacy complaints

HIPAA Weekly Advisor, August 15, 2005

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

In the more than two years since most organizations first had to comply with HIPAA's privacy rule, the Office for Civil Rights (OCR) has received its share of complaints alleging privacy rule violations- 13,733 as of June 30, according to the Fort Wayne News-Sentinel.

Two-thirds of complaints have been resolved in one way or another, and the other third are open cases. So far, 217 cases have been sent to the U.S. Department of Justice for criminal investigation. Although OCR has the authority to impose civil money penalties, it has not imposed any yet.

The top five allegations, ranked in order, raised most frequently in complaints are

• impermissible use or disclosure of an individual's identifiable health information
• lack of adequate safeguards
• refusal or failure to provide the individual with access to his/her records
• disclosure of more information than is minimally necessary to satisfy a particular request
• failure to have the individual's valid authorization for a disclosure that requires an authorization

The top five entities, ranked in order, against which HIPAA complaints have been filed are

• private healthcare practices
• general hospitals
• pharmacies
• outpatient facilities
• group health plans

Click here to read more.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive