When you go to the hospital, you might worry about catching a staph infection or pneumonia, but you should also worry about contracting a nasty case of medical identity theft. Most people suffer significant harm from medical ID theft, and few are completely cured. This ailment is spreading dramatically as data spurts out of healthcare organizations these days as if from a ruptured aorta.
In January of this year, an article citing U.S. Department of Health and Human Services (HHS) statistics noted that in the past 5 years, there have been roughly 120,000 reported data breaches involving HIPAA protected health information. These breaches have involved more than 31 million individuals.
Are privacy and security laws being enforced effectively? This post is post #5 of a series called Enforcing Privacy and Security Laws.
Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach.
What the audits thus far have revealed is quite alarming. I’ll discuss more on that later.
Are privacy and security laws being enforced effectively? This post is post #4 of a series called Enforcing Privacy and Security Laws.
The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS). Additionally, state attorneys general (AGs) may enforce HIPAA – only a few federal privacy laws can also be enforced by state AGs.