Stay ahead of developments in federal and state health care law, regulation and transactions with timely, expert news and analysis.
Two recent federal reports to Congress show the Department of Health and Human Services fielding tens of thousands of complaints about Health Insurance Portability and Accountability Act violations—including breaches of HIPAA-protected data—since enforcement of the various HIPAA rules began in 2003.
The HHS Office for Civil Rights Sept. 1 released two reports detailing HHS's enforcement of the HIPAA Privacy and Security rules since 2003 and 2005, respectively, and information about data breaches reported to the agency since 2009.
The reports—sent to congressional committees in August—were mandated in the Health Information Technology for Economic and Clinical Health (HITECH) Act.
OCR said in the report on HIPAA Privacy and Security rule compliance that HHS received more than 57,000 complaints of Privacy Rule violations between April 2003 (when compliance with the rule was required) and December 2010. Of those complaints, HHS investigated more than 19,000, finding no violation in 34 percent of the cases.
HHS received more than 800 complaints alleging Security Rule violations between April 2005 (when compliance with that rule was required) and December 2010. The department investigated nearly 290 of the complaints, finding no violation in nearly half the cases.
In a separate report on data breaches, OCR said HIPAA-covered entities reported more than 250 large data breaches, defined as those involving the protected health information of more than 500 individuals, in 2009 and 2010. In those cases, covered entities also must notify affected individuals.
For 2009 and 2010, covered entities notified a total of 7.8 million people that their protected health information was compromised in a data breach, OCR reported.
The HITECH Act for the first time mandated that breaches of HIPAA-protected health data be reported to HHS and, in some cases, to affected individuals.
The most common cause of data breaches in both years covered by the OCR report was theft of paper records or electronic media containing patient information. Other top causes of breaches included unauthorized access, use or disclosure of protected patient information, and human error.
In addition to the large breaches, covered entities reported more than 30,500 smaller breaches to HHS in 2009 and 2010.
OCR said most of those breaches affected just one individual and were caused by misdirected communications, such as mistakenly mailing or faxing clinical or claims data or test results to the wrong person.
The reports are available at http://www.hhs.gov/ocr/privacy/hitechrepts.html .
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)