Last fall the U.S. Department of Health and Human Services (HHS) contracted the help of Pricewaterhouse Coopers (PwC) to start doing HIPAA compliance audits for them.
Since the HIPAA Privacy Rule went into effect in 2001 (and the Security Rule in 2003), the HHS had only done *ONE* audit...and that wasn't until last summer when they did one of a hospital, Atlanta's Piedmont Hospital, whose egregious non-compliance problems could not be ignored.
Hopefully this year the PWC audit activities will motivate more HIPAA covered entities (CEs) to take safeguarding personally identifiable information (PII) for their patients more seriously.
Related to this, I recently discussed "A Couple Of Little Known HIPAA Facts."
- Little known HIPAA fact: Covered entities must protect protected health information (PHI) appropriately when disposing of it in any form, including hard copy information.
- Little known HIPAA fact: Business Associates (BAs) of Covered Entities (CEs) must comply with the terms of HIPAA as outlined within their BA agreement.
There are, of course *MANY, MANY* more misconceptions and misunderstandings about HIPAA...perhaps good for another future blog post...
- Rebecca Herold's blog
- Login or register to post comments