Why toughen HIPAA when nobody enforces it?
This week, House Ways and Means Committee members should be considering an economic stimulus package that includes provisions to beef up HIPAA. Yes, you heard me right--they're thinking about adding more stringent protections to a law that virtually never gets enforced anyway.
Sure, my headline is a bit of an exaggeration. Now and then, CMS has bagged a facility that seems to be committing particularly egregious HIPAA violations and slapped them with a fine. That's what happened last summer, for example, when a Seattle-based health system was hit with a $100,000 HIPAA fine after failing to secure various forms of data storage.
The truth is, however, that HIPAA enforcement has been anemic, to say the least. According to an HHS Inspector General's report issued late last year, CMS has not done a single security audit of hospital security systems since HIPAA went into effect in February 2006. (I suppose it doesn't help much that, according to IG research, CMS has received a grand total of 200 HIPAA complaints for the entire U.S.)
Meanwhile, the existing HIPAA regs have had what could be called a chilling effect on how healthcare providers interact with patients, with many applying the rules in an arbitrary, inconsistent and unreasonable manner, according to professional observers and consultants.
I would suggest that given these concerns, now is a good time to re-evaluate how HIPAA has been implemented. CMS should take a close look at why so few HIPAA complaints come through its doors, and providers should do spot tests to see how their staff is handling compliance. And federal legislators should do more investigation into the state of HIPAA training, compliance and enforcement, too.
Hey, as a healthcare consumer, it's hard to criticize honest efforts to protect patients. But there's no point in piling on rules until you really understand the problem. - Anne
Comments
By Anonymous | Posted 9:17am | January 26, 2009
Let's see - HMMMMMM the US loses billions of dollars to ID theft and fraud every year direclty related to a lack of HIPAA enforcement...so hmmm let's see should the law be enforced???
DUHHHHH?????
HIPAA needs to be enforced. All we have is talk, talk, talk, and more blather and industry lobbyists preventing enforcement.
Enforcing the law would greatly decrease the number of data breaches immediately.
The amount of data breaches attributable to health care providers is stagerring, embarrassing and ridiculous.
No one can argue that health care providers are in compliance with HIPAA or have networks that secure information.
Yes please make the HIPAA laws more stringent and please enforce the law routinely. Mandatory internal audits with fines and jail time would be a good start.
FYI - your article fails to mention the popularity of enforcing HIPAA with the general public, polls have been taken. Something the last adminstration ignored while they were accepting funds from industry's against HIPAA.
By Joe Stein | Posted 12:01pm | January 26, 2009
The issue is one of trakability and accountability. Our solution is used to enforce policy and procedures around physician signature but without support folks can still do what they want www.inscrybe.com
By Anonymous | Posted 12:25pm | January 26, 2009
It's worse than enforcement. It's about timely disclosure. Even when someone asks for all documents in advance of visiting a medical office for the first time, the HIPAA form is left to the last minute when the patient is in the office. . .effectively an afterthought.
The verbiage on the HIPAA forms is very vague, convoluted and ultimately meaningless with current enforcement efforts.
By Anonymous | Posted 11:46am | August 23, 2009
woman well is far from in compliance in
Needham mass great plain ave under birds hill pharmacy has many hppa violations One major one privacy issue no wall between the waiting room and office Pts hear private info of other pts in conversation on phone registration in the halls . Why should other doctors pay allot of money to have a privacy wall put up and she gets away with it.How can I report this .
By Anonymous | Posted 9:51am | October 13, 2009
when sitting in doctors waiting rooms, listening to comments made by support staff about patients and there problems for the world to hear. how do you stop this damaging chatter.
Post new comment
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site Map | List in Marketplace | Supplier MarketplaceTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe© 2009 FierceMarkets, Inc. All rights reserved. |
 |