Lack of Business Associate Identification/Contracting and Patient Information THEFT at Top of the List for Actionable Offenses
The Washington DC HIPAA conference, presented by the head of OCR/NIST and other government agencies and attended by Dr. Ty Talcott of HIPAA Compliance Services, was geared toward those agencies clarifying what they have done in the past and their vision for the future relative to department development and interagency cooperation and information sharing. However, there was information critical to private practitioners:
- There have been over 14,000 complaints to OCR regarding HIPAA! While nearly a third are found to require no action, 4500 of those have led to significant levels of investigation and varying resolutions.
- Most of those 4500 complaints, 60%, were related to THEFT of information, with 33% being stolen, unencrypted laptops.
- Many complaints relate to physicians’ business associates (defined by the new OMNIBUS rules as individuals/entities that store, transmit or access a doctor’s PHI) inappropriately handling the doctor’s information.
- Past enforcement has come from patient complaints and pilot audit programs, but the future will hold a great deal of new enforcement initiatives, as the problems are increasing rather than decreasing as government agencies had originally hoped.
- Many doctors will be informed they are on a list for a potential audit, and if they do not cooperate completely and promptly, there is an increased chance that a ‘desk audit’ will become an onsite audit.
BEWARE: Purportedly, there will be invitations for some covered entities (clinics, et al.) to participate in voluntary programs to improve HIPAA government efficiency, etc. It was clearly stated that participation in such projects does not provide a ‘safe harbor’ or immunity, and that pursuing non-compliance that may be revealed by such activities is NEVER ‘OFF THE TABLE’.
About: For more information on this topic or other HIPAA compliance questions, please contact Dr. Ty Talcott, CHPSE, at HIPAA Compliance Services – a company dedicated to protecting healthcare professionals by producing simplified “how to” step-by-step training materials and procedures to assist doctors and clinic support personnel with establishing, maintaining and updating their HIPAA compliance program.