HHS plans surprise HIPAA audits

March 3, 2008 — 6:59am ET

Tools

Tags
privacy
security breach
security breaches
ahima
hospitals
medical data
HIPAA
Department of Health and Human Services (HHS)

According to survey data released at HIMSS last week, 25 percent of hospitals surveyed had seen a security breach within the past year. Even worse, research firm SecureWorks has seen an 85 percent increase in the number of attempted break-ins directed at its healthcare clients, climbing from 11,146 per client per day in the first half of 2007 to an average of 20,630 per day in the last half of 2007 through January 2008.

Now, HHS wants to find out whether this is because hospitals aren't providing adequate security to protect patients' HIPAA rights. (Given the above break-in stats, it's hardly surprising that HHS hasn't taken an interest sooner, in fact.) While the audit results will be posted online by the agency, the facilities won't be named unless HHS finds evidence of serious problems. Regardless, I'm sure hospitals that get audited will be sweating bullets--and I'm betting that HHS will find far more serious breaches than CEOs expected.

To learn more about the audits:
- read this Network World piece

Related Articles:
Group to create health data security protection standard. Article
HIT group offers medical data security standards. Article
AHIMA demands better PHR privacy protections. Article
More hospital data security breaches. Article