• Hypertrophic Cardiomyopathy (HCM)
  • Vaccines: 2023 Year in Review
  • Eyecare
  • Urothelial Carcinoma
  • Women's Health
  • Hemophilia
  • Heart Failure
  • Vaccines
  • Neonatal Care
  • Type II Inflammation
  • Substance Use Disorder
  • Gene Therapy
  • Lung Cancer
  • Spinal Muscular Atrophy
  • HIV
  • Post-Acute Care
  • Liver Disease
  • Biologics
  • Asthma
  • Atrial Fibrillation
  • RSV
  • COVID-19
  • Cardiovascular Diseases
  • Prescription Digital Therapeutics
  • Reproductive Health
  • The Improving Patient Access Podcast
  • Blood Cancer
  • Ulcerative Colitis
  • Respiratory Conditions
  • Multiple Sclerosis
  • Digital Health
  • Population Health
  • Sleep Disorders
  • Biosimilars
  • Plaque Psoriasis
  • Leukemia and Lymphoma
  • Oncology
  • Pediatrics
  • Urology
  • Obstetrics-Gynecology & Women's Health
  • Opioids
  • Solid Tumors
  • Autoimmune Diseases
  • Dermatology
  • Diabetes
  • Mental Health

HIPAA compliance must address organization oversight


HHS is giving HIPAA enforcement efforts more teeth with fees and Corrective Action Plans

Approximately five years after the promulgation of the final privacy and security regulations under HIPAA, and two and a half years after the promulgation of a final rule addressing the implementation of civil money penalties, the first-ever monetary settlement paid, and Resolution Agreement/CAP, to resolve a potential violation of the HIPAA privacy and security standards was entered into between Department of Health and Human Services, Office of Civil Rights (OCR) and the Centers for Medicare and Medicaid (CMS) and Providence Health and Services, Providence Health System, and Providence Hospice and Home Care.

Providence agreed, without any admission of liability, to pay the government $100,000 and implement a comprehensive, three-year Corrective Action Plan (CAP). OCR and CMS had launched their investigation after Providence notified the state of Oregon, and affected patients, of the data breach, some of whom then filed complaints with the federal government.

This settlement appears to be a part of a trend of increased complaints of violations and enforcement by the OCR. Also, in March 2007, the OIG began auditing covered entities' compliance with the privacy and security regulations as well as OCR regulators being granted the authority to issue subpoenas in its civil privacy investigations without having to first seek the approval of the HHS Secretary. The enforcement trend and the settlement sends a signal to the industry of the need to elevate privacy and security as a focus area of compliance.

Now that HHS likely believes that covered entities have had sufficient time (approximately five years) to come into compliance with HIPAA privacy and security rules, HHS may be concluding that the time has come to add some "teeth" to its enforcement.

As such, the action taken against Providence is probably not an isolated measure, and is more likely the harbinger of a more aggressive approach to enforcement.

This column is written for informational purposes only and should not be construed as legal advice.

John Eriksen is a senior associate at Epstein, Becker and Green, P.C. in its Health Care and Life Sciences practice group and focuses primarily on health regulatory, compliance, managed care and transactional matters.

Related Videos
Video 9 - "Denial of Coverage in Fertility Care"
Video 8 - "Risks of Miscarriage and Multiple Births Associated with Fertility Care"
Video 7 - "Fertility Preservation: Egg Freezing Versus Embryo Freezing"
Video 6 - "Family Building Costs, Barriers, and Dropout Rates Associated with Fertility Care"
Video 5 - "Closing Payer Gaps and Improving Fertility Care Access"
Video 4 - "Increasing Employer Coverage and Maximizing Fertility Benefits "
Video 5 - "Relevance of NUTURE Study Findings for Patients, Payers, Providers"
Video 3 - "Improving IVF Success Rates & Utilizing AI in Fertility Health Care"
Video 2 - "Holistic Fertility Management and Payer Collaboration"
Video 5 - "Relevance of NUTURE Study Findings for Patients, Payers, Providers"
Related Content
© 2024 MJH Life Sciences

All rights reserved.