Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

Published byBelen Holliday Modified over 10 years ago

Similar presentations

Presentation on theme: "THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA."— Presentation transcript:

1 THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA Enforcement Highlights

2 Copyright 2012 Strategic Management Services, LLC Providence Health & Services (Providence) July 2008 Resolution Agreement with HHS to settle potential violations of the HIPAA Privacy and Security Rules. Providence removed and left backup tapes, optical disks, and laptops containing unencrypted protected health information unattended. Subsequently, the media and laptops were lost or stolen. Compromised the protected health information for over 300,000 patients. 2

3 Copyright 2012 Strategic Management Services, LLC Providence Health & Services (Providence) July 2008 Under the three year Resolution Agreement, Providence agreed to: Pay $100,000. Implement a corrective action plan: Revise policies and procedures. Train workforce members. Conduct audits and site-visits. Submit compliance reports. 3

4 Copyright 2012 Strategic Management Services, LLC Blue Cross and Blue Shield of Tennessee (BCBST) October 2009 Settled with the government in response to alleged violations of the HIPAA requirements. 57 unencrypted computer hard drives were stolen, containing over one million individuals protected health information. BCBST had not performed the necessary security evaluation prior to storing individuals protected health information at the facility. 4

5 Copyright 2012 Strategic Management Services, LLC Blue Cross and Blue Shield of Tennessee (BCBST) October 2009 Under Settlement Agreement, BCBST is required to: Pay $1.5 million. Develop a corrective action plan: Review and update HIPAA policies and procedures. Administer HIPAA training to its workforce. Update the facility access plans to prevent future thefts of protected health information. 5

6 Copyright 2012 Strategic Management Services, LLC Cignet Health of Prince Georges County, MD October 2010 OCR fined Cignet Health with a civil money penalty (CMP) for violating HIPPA requirements. Cignet Health denied 41 patients access to their medical records. They received a $1.3 million CMP. Cignet Health failed to cooperate in the OCR investigation. They received a $3 million CMP. Cignet did not request a hearing, and therefore, the total CMP of $4.3 million is final. 6

7 Copyright 2012 Strategic Management Services, LLC Massachusetts General Hospital (MGH) February 2011 Settled with the government in response to violation of HIPAA Privacy Rule. An MGH employee lost information on the subway train for 192 patients of MGHs Infectious Disease Associates outpatient practice. These unrecovered documents included information such as patient names, date of birth, medical record number, health insurer and policy numbers, diagnosis and names of providers. 7

8 Copyright 2012 Strategic Management Services, LLC Massachusetts General Hospital (MGH) February 2011 Under the three year Resolution Agreement, MGH agreed to: Pay $1 million. Develop a corrective action plan: Revise policies and procedures. Train workforce members. Authorize Director of Internal Audit Services of Partners Healthcare System Inc. to act as an internal monitor. 8

9 Copyright 2012 Strategic Management Services, LLC The University of California at Los Angeles Health System (UCLAHS) July 2011 Resolution agreement with HHS to settle potential violations of the HIPAA Privacy and Security Rules. Two complaints that employees were inappropriately examining protected health information of patients. UCLAHS had not documented or made available Security Rule training for employees, sanction employees for their actions, or have adequate security measures to protect patient health information. 9

10 Copyright 2012 Strategic Management Services, LLC Under the three year Resolution Agreement, UCLAHS agreed to: Pay $865,500. Enforce a Corrective Action Plan: Revise policies and procedures. Distribute and update policies and procedures. Train workforce members. Assign an independent individual or agency to monitor compliance. The University of California at Los Angeles Health System (UCLAHS) July 2011 10

11 Copyright 2012 Strategic Management Services, LLC Conclusion Under the Patient Protection and Affordable Care Act, the HHS Office for Civil Rights is required to increase enforcement activities of security, privacy, and breach. Providers must ensure they have adopted the necessary safeguards. Safeguard include: Developing HIPAA policies and procedures. Developing and administering HIPAA compliance training. Conducting HIPAA Risk Assessments. Forming HIPAA-related strategies and business plans. Strategic Management help your organization with these safeguards and more. 11

Download ppt "THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Component 1: Introduction to Health Care and Public Health in the U.S. Unit 6: Regulating Health Care Lecture 4 This material was developed by Oregon Health.

Component 1: Introduction to Health Care and Public Health in the U.S. Unit 6: Regulating Health Care Lecture 4 This material was developed by Oregon Health.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HITECH Regulations and Enforcement Director Leon Rodriguez U.S. Department of Health and Human Services Office for Civil Rights.

HITECH Regulations and Enforcement Director Leon Rodriguez U.S. Department of Health and Human Services Office for Civil Rights.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
1 The Current Reality of HIPAA Meredith L. Borden Venable LLP © April 18, 2008 The Current Reality of HIPAA Meredith L. Borden Venable LLP © April 18,

1 The Current Reality of HIPAA Meredith L. Borden Venable LLP © April 18, 2008 The Current Reality of HIPAA Meredith L. Borden Venable LLP © April 18,
Dr. Don Lloyd Cook Gill Ragon Owen, PA.  Practicing law in AR since 1989  Virginia Tech, Ph.D. in Marketing ◦ Virginia Tech Congressional Fellow in.

Dr. Don Lloyd Cook Gill Ragon Owen, PA.  Practicing law in AR since 1989  Virginia Tech, Ph.D. in Marketing ◦ Virginia Tech Congressional Fellow in.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.

Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Similar presentations

Ads by Google