Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

Similar presentations


Presentation on theme: "THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA."— Presentation transcript:

1 THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA Enforcement Highlights

2 Copyright 2012 Strategic Management Services, LLC Providence Health & Services (Providence) July 2008 Resolution Agreement with HHS to settle potential violations of the HIPAA Privacy and Security Rules. Providence removed and left backup tapes, optical disks, and laptops containing unencrypted protected health information unattended. Subsequently, the media and laptops were lost or stolen. Compromised the protected health information for over 300,000 patients. 2

3 Copyright 2012 Strategic Management Services, LLC Providence Health & Services (Providence) July 2008 Under the three year Resolution Agreement, Providence agreed to: Pay $100,000. Implement a corrective action plan: Revise policies and procedures. Train workforce members. Conduct audits and site-visits. Submit compliance reports. 3

4 Copyright 2012 Strategic Management Services, LLC Blue Cross and Blue Shield of Tennessee (BCBST) October 2009 Settled with the government in response to alleged violations of the HIPAA requirements. 57 unencrypted computer hard drives were stolen, containing over one million individuals protected health information. BCBST had not performed the necessary security evaluation prior to storing individuals protected health information at the facility. 4

5 Copyright 2012 Strategic Management Services, LLC Blue Cross and Blue Shield of Tennessee (BCBST) October 2009 Under Settlement Agreement, BCBST is required to: Pay $1.5 million. Develop a corrective action plan: Review and update HIPAA policies and procedures. Administer HIPAA training to its workforce. Update the facility access plans to prevent future thefts of protected health information. 5

6 Copyright 2012 Strategic Management Services, LLC Cignet Health of Prince Georges County, MD October 2010 OCR fined Cignet Health with a civil money penalty (CMP) for violating HIPPA requirements. Cignet Health denied 41 patients access to their medical records. They received a $1.3 million CMP. Cignet Health failed to cooperate in the OCR investigation. They received a $3 million CMP. Cignet did not request a hearing, and therefore, the total CMP of $4.3 million is final. 6

7 Copyright 2012 Strategic Management Services, LLC Massachusetts General Hospital (MGH) February 2011 Settled with the government in response to violation of HIPAA Privacy Rule. An MGH employee lost information on the subway train for 192 patients of MGHs Infectious Disease Associates outpatient practice. These unrecovered documents included information such as patient names, date of birth, medical record number, health insurer and policy numbers, diagnosis and names of providers. 7

8 Copyright 2012 Strategic Management Services, LLC Massachusetts General Hospital (MGH) February 2011 Under the three year Resolution Agreement, MGH agreed to: Pay $1 million. Develop a corrective action plan: Revise policies and procedures. Train workforce members. Authorize Director of Internal Audit Services of Partners Healthcare System Inc. to act as an internal monitor. 8

9 Copyright 2012 Strategic Management Services, LLC The University of California at Los Angeles Health System (UCLAHS) July 2011 Resolution agreement with HHS to settle potential violations of the HIPAA Privacy and Security Rules. Two complaints that employees were inappropriately examining protected health information of patients. UCLAHS had not documented or made available Security Rule training for employees, sanction employees for their actions, or have adequate security measures to protect patient health information. 9

10 Copyright 2012 Strategic Management Services, LLC Under the three year Resolution Agreement, UCLAHS agreed to: Pay $865,500. Enforce a Corrective Action Plan: Revise policies and procedures. Distribute and update policies and procedures. Train workforce members. Assign an independent individual or agency to monitor compliance. The University of California at Los Angeles Health System (UCLAHS) July 2011 10

11 Copyright 2012 Strategic Management Services, LLC Conclusion Under the Patient Protection and Affordable Care Act, the HHS Office for Civil Rights is required to increase enforcement activities of security, privacy, and breach. Providers must ensure they have adopted the necessary safeguards. Safeguard include: Developing HIPAA policies and procedures. Developing and administering HIPAA compliance training. Conducting HIPAA Risk Assessments. Forming HIPAA-related strategies and business plans. Strategic Management help your organization with these safeguards and more. 11


Download ppt "THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA."

Similar presentations


Ads by Google