HIPAA compliance must address organization oversight

Approximately five years after the promulgation of the final privacy and security regulations under HIPAA, and two and a half years after the promulgation of a final rule addressing the implementation of civil money penalties, the first-ever monetary settlement paid, and Resolution Agreement/CAP, to...

Full description

Saved in:
Bibliographic Details
Published in:Managed Healthcare Executive 2008-11, Vol.18 (11), p.10
Main Author: Eriksen, John
Format: Article
Language:English
Subjects:
Compliance
Enforcement
Federal regulation
Health insurance
Health Insurance Portability & Accountability Act 1996-US
Privacy
Settlements & damages
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Approximately five years after the promulgation of the final privacy and security regulations under HIPAA, and two and a half years after the promulgation of a final rule addressing the implementation of civil money penalties, the first-ever monetary settlement paid, and Resolution Agreement/CAP, to resolve a potential violation of the HIPAA privacy and security standards was entered into between Department of Health and Human Services, Office of Civil Rights and the Centers for Medicare and Medicaid and Providence Health and Services, Providence Health System, and Providence Hospice and Home Care. The settlement demonstrates several take-away points. These include: 1. No single egregious violation need be involved. 2. An entity's response to a security/privacy breach must be immediate and comprehensive. 3. HHS may hold entities responsible even if the inappropriate disclosures are a result of third-party actions, including outright theft by an unknown third party.
ISSN:1533-9300
2150-7120