Topics:
Security
Inspector General Confirms It: Little HIPAA Enforcement
A nationwide review of the Centers for Medicare & Medicaid Services' (CMS) HIPAA compliance by the U.S. Department of Health & Human Services Office of Inspector General found that little action was taken by governed organizations (health care providers and others that collect, store, or manage patient data) to implement adequate security controls. This is from an overview of the IG's findings:
The HIPAA Security Rule is fairly simple: entities that manage patient data need to protect that data by making sure it stays confidential, that it isn't altered, and can't be accessed by those not authorized. Hospitals knew these rules were coming since 1996. And while the final HIPAA rules went into effect in April 2005 for large health organizations, protecting the confidentiality, integrity, and availability of information should be considered basic due diligence. And it's time, in my opinion, that any organization that has failed to put in place the most basic of measures to secure patient privacy be fined. You can find a copy of the full IG report here. « Always Think Before You Submit | Main | The Great Experiment: Integrating FriendFeed With Twitter » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
