Tuesday, April 24, 2007

New HIPAA Privacy Compliance and Enforcement Website

Yesterday I received an email via the OCR-Privacy listserv announcing the launch of a new HHS web site on HIPAA Privacy Compliance and Enforcement.


I haven't had time to check out the new website but plan to in the coming days. While scanning the website I found the "Enforcement Highlights" and "Case Examples" section very interesting. In the meantime, here is the press release issued in the email by HHS.

To coincide with the fourth anniversary of the enforcement of the HIPAA Privacy Rule, the Department of Health and Human Services (HHS) announced today the launch of an enhanced Web site that will make it easier for consumers, health care providers and others to get information about how the Department enforces health information privacy rights and standards. In launching the website, Winston Wilkinson, the Director of the HHS Office for Civil Rights, noted: "HHS has obtained significant change in the privacy practices of covered entities through its enforcement program. Corrective actions obtained by HHS from these entities have resulted in change that is systemic and affects all the individuals they serve."


The Health Information Privacy Web site provides comprehensive information about the Privacy Rule, which creates important federal rights and requirements to protect the privacy of personal health information. The enhanced Web site, http://www.hhs.gov/ocr/privacy/enforcement provides information for consumers, health care providers, health plans and others in the health care industry about HHS’s compliance and enforcement efforts. The new information describes HHS activities in enforcing the Privacy Rule, the results of those enforcement activities, and statistics showing which types of complaints are received most frequently and the types of entities most often required to take corrective as a result of consumer complaints. The other information on the Web site covers consumers’ rights to access their health information and significantly control how their personal health information is used and disclosed, as well as guidance about how to submit complaints about possible violations of the law and extensive guidance for entities who must comply with the rule.


HHS issued the patient privacy protections pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The first and only comprehensive federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers took effect on April 14, 2003. Developed by HHS, these standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. The regulation covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions (e.g., enrollment, billing and eligibility verification) electronically. HHS has conducted extensive outreach and provided guidance and technical assistance to providers and businesses to help them to implement the new privacy protections. These materials are available at http://www.hhs.gov/ocr/hipaa.

2 comments:

Anonymous said...

I would like to inform your website visitor about a webcast that is going to be conduct on December 11, 2007 9 am PT/12 pm ET on subject “How Information Governance and Compliance Pay”
This webcast is based on recent research conducted by the IT Policy Compliance Group, focuses on fact-based insight into how improving information governance, risk and compliance, reduces costs, financial risk and the loss of sensitive data.
You website visitor who are interested in this webcast can learn about the steps should be taking to:
• Reduce labor costs
• Mitigate and avoid significant financial risk and loss
• Improve information governance results
• Improve regulatory compliance results
More information about this webcast is available at http://www.compliancehome.com/symantec/

Rajat Dhameja said...

The release of a more thorough and stringent standards / guidelines website for HIPAA is great. Wish the website was ready and available in 2007 when our team was working on revising compliance program documents for launch into Medicare Advamntage. Nevertheless, we did a great job.

Rajat Dhameja, MHA