Webinars Qualify for IAPP CEs
New On-Demand Webinar
Learn What Class Action Attorneys Look for in HITECH Breaches
May 1, 2014
Confronting HIPAA & HITECH Vulnerabilities in Health Data Registries
Feb. 27, 2014
Order On-Demand Access
HIPAA/HITECH Compliance & FDA's Mobile Medical Apps Guidance
Oct. 30, 2013
Listen to a Sample
Don't Act Rashly in Punishing Security Violations!
3-Part Series: Domino Effects of HIPAA & HITECH on the Workforce
2-Part Webinar Package
Cutting Through the Hype On HIPAA & HITECH Enforcement
Save More than $100 When You Order Both CDs
The Effects of the Supreme Court Rulings on Same-Sex Marriage on Patient Rights, and HIPAA and HITECH Compliance Aug. 13, 2013
Listen to a Sample
Understanding & Deploying OCR's New Data De-Identification Guidance
Jan. 17, 2013
Understanding & Coping with the New HITECH Regulations - 2 Part Webinar Series
A Strategic Approach to Protecting Yourself from HIPAA Audits
3-Part Series: Domino Effects
of HIPAA & HITECH on the Healthcare Workforce
July, Aug. & Sept. 2012
Theft Continues to Lead the Way for HITECH Breaches
|Overview of BA Breaches
As of Aug. 17, 2014
||Unauthorized Access/ Disclosure
|Source: Health Information Privacy/Security Alert Analysis of HHS Office for Civil Rights Data
Health data breaches involving more than 500 patients rose to 1,083 from 1,065 as OCR posted 18 new incidents affecting more than 1,623,197 patients, according to the latest analysis by HIP/SA of OCR data from July 18 through August 17. More than 33,773,557 patients have been affected overall since OCR started publishing data.
Business Associates (BA) may have been involved in as many as 310 incidents, which suggests BAs were involved in five of the 18 newly listed incidents.
However, that number is uncertain because the OCR statistics do not indicate whether a Business Associate was involved in at least two dozen instances.
Theft was the leading cause of all reported breaches, accounting for 552 by itself and involved in more than 52 other instances. Unauthorized Access/Disclosure accounted for 153 incidents by itself as well. It was involved in more than 58 incidents as well.
A fuller analysis of the health data breaches is available in Health Information Privacy/Security Alert.
Take advantage of a special offer for a one-year e-subscription to Health Information Privacy/Security Alert. click here
HIPAA Complaints Plummet in June
OCR reported it received 98,279 HIPAA patient complaints as of June 30 and since the agency began enforcing the privacy rule in April 2003.
The number indicated that the monthly number of patient complaints filed with OCR plummeted to 577 in June from the 2,114 it received in May. It received 1,143 complaints in April.
Of the 32,958 complaints that fell within OCR's jurisdiction since April 2003, 22,706 required corrective action by covered entities (CEs).
Investigations of the remaining 10,252 complaints within OCR's jurisdiction found no violation. That meant that 60 complaint investigations did not uncover a HIPAA violation in June.
OCR said it resolved 95% of all the complaints that it had received since April 2003. That resolution level also included a very large number of complaints (60,277)) that did not fall within OCR's jurisdiction.
Almost two-thirds of patient complaints lodged with OCR fall outside the agency's jurisdiction.
The privacy areas investigated most often were:
- Impermissible uses and disclosures of protected health information (PHI);
- Lack of safeguards of PHI;
- Lack of patient access to their PHI;
- Uses or disclosures of more than the Minimum Necessary PHI; and
- Lack of administrative safeguards of electronic PHI.
OCR Security Stats
OCR said that as of June 30, it received 901 complaints alleging a security rule violation since it took over enforcement from CMS in October 2009. The agency statistics suggested that it received 21 complaints in June. It received 21 In May and 21 in April.
The agency said it closed 658 after investigation and corrective actions taken by CEs as of June 30. That indicated that the agency closed 14 cases in June. It closed 25 cases in May and 14 cases in April.
HIPAA Transactions Standards
CMS Did Not Update Stats Since January 2014
| Complaints Received by CMS
Through Jan. 31, 2014
| Complaint Type
| Transaction and Code Sets
| National Provide Identifier
| No Civil Penalties Imposed
Open –Outstanding issues remain. Entity may be under a corrective action plan or additional information from either the complainant, the filed against entity, or both is being sought.
Closed–No further action required. All issues have been sufficiently resolved.
| Source: CMS
© 2014 Melamedia LLC
HIPAA & Breach Enforcement Stats
Did HITECH Increase HIPAA Patient Complaints? HIPAA/HITECH Act Enforcement 2003-2013:
The Role of Patient Complaints in Medical Privacy and Data Security
The Ripple Effects of HHS Proposed Requirements
for Accounting of Disclosures
The Nuts & Bolts of Insurance & Covering
The Costs of Health Data Breaches
for a complete list of webinars