
HHS plans surprise HIPAA audits


According to survey data released at HIMSS last week, 25 percent of hospitals surveyed had seen a security breach within the past year. Even worse, research firm SecureWorks has seen an 85 percent increase in the number of attempted break-ins directed at its healthcare clients, climbing from 11,146 per client per day in the first half of 2007 to an average of 20,630 per day in the last half of 2007 through January 2008.

Now, HHS wants to find out whether this is because hospitals aren't providing adequate security to protect patients' HIPAA rights. (Given the above break-in stats, it's hardly surprising that HHS hasn't taken an interest sooner, in fact.) While the audit results will be posted online by the agency, the facilities won't be named unless HHS finds evidence of serious problems. Regardless, I'm sure hospitals that get audited will be sweating bullets--and I'm betting that HHS will find far more serious breaches than CEOs expected.

To learn more about the audits:
- read this Network World piece

Related Articles:
Group to create health data security protection standard. Article
HIT group offers medical data security standards. Article
AHIMA demands better PHR privacy protections. Article
More hospital data security breaches. Article

Comments

This is very big news for the Healthcare industry. It would be severely detrimental to the reputation of an organization if they were to appear on the HHS site.

Taking a proactive approach now will help to ensure that organizations won't be in a reactive panic if the external auditors come knocking later.

The F1000 companies in the Health and Life Sciences industry that we work with utilize the following as a best practice approach:

1. Centralize and standardize your organization's policies.

2. Map your policies and control standards to the authoritative sources that govern your business such as HIPAA.

3. Promote and communicate policy awareness across your enterprise to relevant employees.

4. Assess, report and demonstrate compliance with your policies and industry regulations before the regulators make their appearance.

Hopefully by staying ahead of the game, your readers' organizations will avoid showing up on the HHS web site.

Grant Hinkle
Archer Technologies
www.archer-tech.com

The forfeit on the rights of the patient and the rights of the hospital staff sounds like a drastic need for in the job training.

If there are 20,000 cases and 11,000 are divulged and grapevined out in the public.

1. The employees do not understand the law and ethics in the workplace.

2. There is a revolt with a certain ethnic group and the group is feeling devalued.

3. The hospital is hiring immigrant workers, whose visas have expired.

There could be a smorgasbord of reasons why, however, quality control is expected to be on top of issues of this nature. Unless, not all inappropriate acts are being written up. This will in turn prove statistically a problem, but the problem itself will not be evident.

For instance, all locks are to be locked on hospital beds. There is a place on the nursing progress notes, which the designated staff is required to post and investigate the locks being secure on the patient's bed.

Suppose you are employed on an orthopaedic floor. Patients are normally required to ambulate right after the surgery. This is not to upgrade nor downgrade, but suppose each month there is at least 8 slip and falls stemming all from orthopaedic patients. However, the cause which is the brakes were not on the bed, but the box was checked.

You have the statistical proof, the incident report, and the patient's understanding of the fall, but no one has thought of the beds being unlocked.
