Report cards were a way of life when we were in school. When it comes to HIPAA Privacy, Security and HITECH Act enforcement, the same holds true for the Office for Civil Rights (OCR).
Recently, the OCR issued two detailed reports on 2009-2010 HIPAA compliance activity, one focused on the Privacy and Security Rules, the other focused on breaches of unsecured Protected Health Information (PHI). Here are the highlights for professionals involved with group health plans, either as a Covered Entity or a Business Associate:
· Enforcement continues to be largely complaint driven. The OCR is launching a pilot audit program. The OCR also wants to create rules so that it is easier to issue civil money penalties.
· HIPAA compliance is starting to generate revenue for the federal government:
o CVS Pharmacy: $2.25 million (2009)
o Rite Aid: $1 million (2010)
o Management Services Organization: $35,000 (2010)
o Cignet Health: $4.3 million (early 2011)
Read full article in Infinisource Newsroom.
