The New Era of HIPAA Security Rule Enforcement

June 24, 2011
Many industry observers took great interest in the Department of Health and Human Services (HHS) Office of Inspector General's (OIG) HIPAA security compliance audit of Piedmont Hospital in Atlanta last year. The Piedmont Hospital audit was noteworthy for two reasons. First, it was apparently the first HIPAA security compliance audit. Second, it was surprising to many that the audit was conducted by OIG rather than by the CMS Office of E-Health Standards and Services, the HHS office with primary responsibility for HIPAA Security Rule compliance.

Now it appears that CMS is getting underway with its own security compliance program. In the February issue of Report on Patient Privacy, Tony Trenkle, the director of the CMS office, comments on CMS's intention to conduct compliance reviews of covered entities "for the foreseeable future." Trenkle first spoke of the initiative at a HIPAA security compliance workshop hosted by CMS and the National Institute of Standards and Technology on January 16 outside Washington, D.C. Trenkle says that 10-20 compliance reviews will be commenced between now and September, with the assistance of the contracted vendor PricewaterhouseCoopers. The organizations targeted for review will be entities that have already been investigated for a HIPAA security complaint ("filed against entities" or "FAEs"). CMS intends to post a security compliance checklist on its website within the next month to assist covered entities in preparing for the reviews.

It will be particularly interesting to see how CMS chooses to interpret noncompliance with the broad, flexible Security Rule standards. To what extent will CMS accept an organization's security risk assessment, and the measures that arose from that assessment, at face value? How will CMS view an organization that has implemented reasonable security measures but hasn't conducted a proper risk assessment to support those decisions?
In short, it appears that the era of HIPAA security compliance enforcement has begun. Nearly three years after the Security Rule compliance date, no one can say that they didn't have time to prepare.