HIPAA Audits, Security Breaches Keep Health Care Providers on Their Toes

Lora Bentley

Earlier this summer, the U.S. Department of Health and Human Services conducted its first audit under the Health Insurance Portability and Accountability Act security provisions. Understandably, it got a lot of coverage just because it was the first of its kind.


Now, it seems the agency is ramping up its audit efforts. Computerworld reports:

[T]he U.S. Department of Health and Human Services (HHS) is starting to swing the enforcement rule -- a dowdy part of the Health Insurance Portability and Accountability Act (HIPAA) that few people read -- like a scythe in a field of weedy policies and overgrown practices.

Not that this shouldn't be expected, writer Jon Espenschied says, given the steep increase in emphasis on "governance reform and example-making." And companies need to realize that they will be held responsible for breaches within their organizations. As an example, he points to San Diego's Council of Community Clinics' experience with a disgruntled former employee who returned and destroyed patient records:

When a systems or network administrator with broad access leaves an organization, hand-waving does not constitute proper revocation of access. Sure, the reality of working in a small organization means that separation of duties may be a luxury (and the HIPAA rules allow more leeway for small health care providers). However, that's no excuse for lack of monitoring to the degree that one simply does not know what the administrator installed or had access to, nor is it an excuse for failing to close off access before a new administrator arrives.

Add Comment      Leave a comment on this blog post
Oct 3, 2007 6:51 AM Mark Mark  says:
Lots of hot air if ask me. I don't think the current administration wants to additional spend money or effort on enforcement of this new law. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.