Dialogue on HIPAA/HITECH Compliance


Director Rodriguez provides an overview of the new impact of the Omnibus HIPAA Rulemaking and highlights OCR’s commitment to enforcement, audit and education initiatives in the coming year.


Published in: Health & Medicine

Transcript

  • 1. Dialogue on HIPAA/HITECH Compliance
       Director Leon Rodriguez
       U.S. Department of Health and Human Services, Office for Civil Rights
       OCR/NIST 6th Annual Conference
       Safeguarding Health Information: Building Assurance through HIPAA Security
       May 22, 2013
  • 2. Resolution Agreement with Idaho State University
       • ePHI of approximately 17,500 individuals was accessible from August 2010 to May 20, 2011 because an ISU server firewall was disabled;
       • ISU’s risk analyses and assessments of its clinics were incomplete and inadequate to thoroughly identify potential risks or vulnerabilities to ePHI as well as an assessment on the likelihood of whether potential risks would occur;
       • OCR further concluded that ISU did not apply proper security measures and policies to address risks to ePHI and that it did not have in place procedures for routine review of information system activity which could have detected the breach in the firewall much sooner;
       • Overall, ISU failed to ensure the uniform implementation of required Security Rule protections at each of its covered clinics;
       • ISU agreed to a corrective action plan and paid OCR a settlement of $400,000.
       U.S. Department of Health and Human Services, Office for Civil Rights May 22, 2013 | page 2
  • 3. Total of $14,883,345 in Resolution Agreements and CMPs Since 2008

       | Covered Entity | Amount | Date |
       |---|---|---|
       | Hospice of North Idaho | $50,000 | December 28, 2012 |
       | Massachusetts Eye and Ear Institute | $1.5 Million | September 17, 2012 |
       | Alaska DHSS | $1.7 Million | June 26, 2012 |
       | Phoenix Cardiac Surgery | $100,000 | April 13, 2012 |
       | BCBS Tennessee | $1.5 Million | March 13, 2012 |
       | University of California at Los Angeles Health System | $865,500 | July 6, 2011 |
       | Massachusetts General Hospital | $1 Million | February 14, 2011 |
       | Cignet Health of Prince Georges County, MD (CMP) | $4.3 Million (Summary Judgment by U.S. District Court for $4,782,845.43) | February 4, 2011 (August 28, 2012) |
       | Management Services Organization of Washington, Inc. | $35,000 | December 13, 2010 |
       | Rite Aid Corporation | $1 Million | July 27, 2010 |
       | CVS Pharmacy, Inc. | $2.25 Million | January 16, 2009 |
       | Providence Health & Services | $100,000 | July 16, 2008 |

       Total Complaints filed (since 2003): 74,554
       Total Cases Investigated: 26,513
       Total Cases with Corrective Action: 17,767
  • 4. Be Smart and Implement Best Practices
       Risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program.
       Together, proper security measures and policies help mitigate potential risk to patient information.
  • 5. Questions?
       OCR website: www.HHS.gov/OCR