HHS to Start Auditing For HIPAA Compliance

Wednesday, September 14, 2011

Emmett Jorgensen





Later this year the Department of Health and Human Services (HHS) will begin auditing health providers to ensure they are in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Despite both HIPAA and the HITECH Act, healthcare data breaches have been popping up regularly in the news.

A recent study found that over 70% of hospitals had patient data breaches last year.

These numbers have generated concern over the healthcare industry's adoption of security procedures and the overall effectiveness of HIPAA.

Although HIPAA requires healthcare organizations to encrypt all electronic protected health information (EPHI), they have been slow to implement the security needed to meet the HIPAA guidelines.

The audits appear to be an attempt to address these concerns and motivate healthcare providers to step up their security measures to protect patient data.

Providers failing to comply with these HIPAA audits face potential fines and negative publicity.

For more information on HIPAA, check out these resources:

- An Introductory Resource Guide to Implementing the HIPAA Security Rule (PDF)

- HIPAA Survival Guide

Cross-posted from Kanguru Blog – Technology on the Move!

Colleen Curtin: All the more reason to check this out...a great HIPAA and HITECH-compliant secure messaging solution, for replacing and supplementing pagers: https://miSecureMessages.com/h...
It's an app for smartphones and tablet devices that makes your device alert you like a pager with a secure message (except it saves you money because it costs Less than paging services and you can Do More with it--you can even secure message back and forth between your colleagues!). Your messages are received and sent instantly.
It even ties in with our OnCall Scheduling solution--letting you see your oncall schedule and change your status.
You'll love using it instead of that old pager, and so will your healthcare organization's budget!
Online Tech: Encryption isn't technically required by HIPAA, but is considered a best practice. Do you know if they are auditing business associates as well?
Emmett Jorgensen: I don't believe this first round of audits will target the business associates of healthcare providers. However, since HIPAA preaches training everyone involved in the handling of sensitive information, I think it will eventually move in that direction.