Over 1650 Total Lots Up For Auction at Five Locations - NJ Cleansweep 05/07, NJ Cleansweep 05/08, CA 05/09, CO 05/12, PA 05/15

Spanish SpanishFrench FrenchEnglish English

HHS delega a régua da segurança de HIPAA ao escritório de direitas civis

por Astrid Fiano, DOTmed News Writer | October 20, 2009
Share

DOTmed: What should be the effect of this re-delegation of responsibility by HHS?

Gallagher: In February of this year, in the Health Information Technology for Economic and Clinical Health [HITECH] section, the American Recovery and Reinvestment Act of 2009 [ARRA] mandated changes to improve enforcement of the HIPAA Privacy Rule and Security Rules. HHS recently announced that it will move responsibility for enforcement of the Security Rule from CMS to OCR, thus consolidating enforcement of both rules into OCR.

stats Advertisement
DOTmed text ad

Training and education based on your needs

Stay up to date with the latest training to fix, troubleshoot, and maintain your critical care devices. GE HealthCare offers multiple training formats to empower teams and expand knowledge, saving you time and money

stats

The combination of responsibility within OCR should make enforcement more efficient. What we've seen taking place over the last few years in enforcement is that the majority of complaints received included both privacy and security components. If there is a privacy violation, most of the time that is due to a security control that was either violated or not working properly. That's how the rules become interrelated.

What was occurring was that the two different HHS groups had to coordinate to resolve any one complaint. The groups had to sort out what part of a complaint might have been a violation of the Privacy rule and what part might have been a violation of the Security Rule. It seems intuitively a good idea to have a single group handle both of those areas since they seem to be very interrelated.

DOTmed: How does the HITECH Act play into current concerns about Health Information Technology privacy?

Gallagher: In the HITECH Act in subtitle D, there is a good deal concerning privacy, and at the same time there is much encouragement of the use of HIT. The new requirements reflect the concerns the industry has expressed over privacy and HIT that had not been resolved by HIPAA. Congress added some privacy provisions, and made changes to some of what was in HIPAA. In effect, Congress was saying the government is getting serious about encouraging the use of HIT but also understands the privacy concerns and therefore has additional provisions for privacy.

DOTmed: How does HITECH address improving enforcement of HIPAA?

Gallagher: It's clear that Congress knew there were perceived issues with enforcement. A number of new enforcement measures are part of HITECH-increased penalties, a requirement of HHS to perform active audits for compliance, and a requirement for HHS to report to Congress on the progress made. Congress wants enforcement improved upon.

DOTmed: What is likely to be the next step with the OCR?

Gallagher: The reorganization makes sense. If there were any operational inefficiencies, they should be cleared up. It is possible that OCR might have been under-resourced up to now to handle the number of complaints they had been seeing. So, I would imagine that a next step would be to properly resource the OCR.
Sign up for Weekly Top stories

Sign up for Weekly Top stories

 

classifieds

More Voices

Real-world data is reshaping medtech — but at what cost?
Are you ready for the upcoming SIIM meeting?
Medicaid must accelerate AI adoption to navigate through our industry’s unprecedented uncertainty
How digital infrastructure supports episode-based care payment models
Five Minutes in Healthcare - Benoit Scherrer
From opaque costs to clear value: Price transparency reshapes healthcare management