Over 1850 Total Lots Up For Auction at Six Locations - MA 04/30, NJ Cleansweep 05/02, TX 05/03, TX 05/06, NJ 05/08, WA 05/09

Spanish Spanish

HHS Delegates HIPAA Security Rule to Office of Civil Rights

by Astrid Fiano, DOTmed News Writer | October 20, 2009
Share
DOTmed spoke to HIMSS
about HIPAA
Secretary of the Department of Health and Human Services (HHS) Kathleen Sebelius has recently announced that authority for the administration and enforcement of the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) has been delegated to the Office for Civil Rights (OCR). According to a press release on HHS's web site, the change will improve HHS protection of individuals' health information by "combining the authority for administration and enforcement of the Federal standards for health information privacy and security called for in the Health Insurance Portability and Accountability Act of 1996 (HIPAA)."

Prior to the change, the Office for Civil Rights had administrative and enforcement responsibility for the HIPAA Privacy Rule. The Centers for Medicare & Medicaid Services (CMS) had administrative and enforcement responsibility for the HIPAA Security Rule.

According to the OCR's website a summary of enforcement data (up to June 2009) for the Privacy Rule states since the compliance date in April 2003, HHS has received over 44,911 HIPAA Privacy complaints. OCR resolved over 8,756 of the complaints received through investigation and enforcement. OCR required changes in privacy practices and other corrective actions by the covered entities. Typical issues investigated are impermissible uses and disclosures of protected health information; lack of safeguards of protected health information; uses or disclosures of more than the minimum necessary protected health information; and lack of or invalid authorizations for uses and disclosures of protected health information.
stats
DOTmed text ad

Your Centrifuge Specialty Store

Quality remanufactured Certified Centrifuges at Great prices! Fully warranted and backed by a company you can trust! Call or click for a free quote today! www.Centrifugestore.com 800-457-7576

stats
Lisa Gallagher, Senior Director of Privacy and Security for Healthcare Information and Management Systems Society (HIMSS) participated in a "Q&A" with DOTmed about the changes in administration. HIMSS is a membership organization focused the optimal use of healthcare information technology (HIT). HIMSS works to make changes such as the new development in the OCR clear to the membership (hospitals, physicians, clinics, etc.) to help them prepare for compliance.

DOTmed: What are the differences between the Security Rule and the Privacy Rule?

Gallagher: The Security Rule covers how an organization must put in place security controls to protect the protected health information of the patient-technical, administrative and physical controls an organization needs to consider in protecting individually identifiable health data. The Privacy Rule covers the privacy rights and privacy policies that need to be in place--what information needs to be protected, what is allowed to be sent out without patient authorization, when an organization has to get authorization, and so on.
Sign up for Weekly Top stories

Sign up for Weekly Top stories

 

advertisement

More Voices

Why hospitals and nursing programs should teach cultural competence
Women in leadership: Three female hospital leaders share what leadership means to them
Five ways to increase clinical trial diversity through patient engagement
Massive Stark Law settlement underscores continued government scrutiny of health system physician employment arrangements