On June 26, 2012, the U.S. Department of Health and Human
Services (HHS) entered into a settlement with the Alaska Department
of Health and Social Services (DHSS) for $1.7 million as well as a
corrective action plan (CAP) for alleged security violations of the
Health Insurance Portability and Accountability Act (HIPAA). This
represents the first HHS action against a state agency.
Pursuant to reporting requirements under the Health Information
Technology for Economic and Clinical Health (HITECH) Act, DHSS
reported that a portable electronic storage device, specifically a
USB drive, containing electronic protected health information was
stolen from an employee's vehicle. This report prompted an
investigation by the HHS Office for Civil Rights (OCR), the agency
responsible for HIPAA enforcement. As a result of the
investigation, OCR determined that DHSS did not meet certain basic
requirements under the HIPAA Security Rule. Specifically, OCR
determined DHSS failed to:
Complete a risk analysis;
Implement specific risk management measures;
Complete security training for workforce members;
Implement device and media controls; and
Address device and media encryption.
In order to correct the alleged deficiencies, DHSS entered into
a three (3) year CAP that obligates DHSS to:
Develop, maintain and revise written policies and procedures to
comply with HIPAA;
Distribute policies and procedures to workforce members;
Train workforce members on the policies and procedures;
Regularly conduct risk analyses and develop risk management
procedures to address this risk;
Designate an independent monitor for the duration of the CAP;
Submit annual reports to HHS.
This enforcement action highlights the growing exposure for
covered entities under HIPAA.
Whether you are an employer that provides health insurance for your employees, a business in the growing healthcare industry, a hospital, or other medical provider—or you provide services to any of those entities—you need to know about changes to the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Marilyn Tavenner received bipartisan support from members of the Senate Committee on Finance in her confirmation hearing to lead the Centers for Medicare and Medicaid Services (CMS) though a full Senate vote is being held up, the president released his FY 2014 budget proposal with health care reform and specified reimbursement reductions to providers and manufacturers totaling $400 billion over 10 years sprinkled throughout it, and Department of Health and Human Services (HHS) Secretary Sebelius
The Office of Inspector General for the Department of Health and Human Services has recently issued an updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs.
On Tuesday, the North Carolina legislature has enacted into law, pending the governor's signature, a prohibition on the use of most favored nations clauses in contracts between commercial health insurers and providers.