HIPAA Udpate

According to the American Institute of Healthcare Compliance,  the Office for Civil Rights (OCR), the government enforcement agency for HIPAA, has received over 173,426 HIPAA complaints and has initiated over 871 compliance reviews since implementation of the Privacy Rule in 2003. OCR reports At a Glance to have resolved ninety-seven percent of these cases (168,780).

Performing routine auditing and monitoring of HIPAA compliance within your organization can help reduce the risk of becoming one of OCR’s statistics.

  • OCR refers to the Department of Justice (DOJ) for criminal investigation appropriate cases involving the knowing disclosure or obtaining of protected health information in violation of the Rules.
    • As of the March 6, 2018 update to At a Glance, the OCR made 668 such referrals to DOJ.
  • To date, OCR has settled or imposed a civil money penalty in 53 cases resulting in a total dollar amount of $75,229,182.00.
  • OCR has investigated and resolved over 25,695 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates.

These HIPAA Privacy Rule complaints are tracked and reported by the Department of Health and Human Services (DHHS) on a webpage called “Numbers at a Glance”.

OCR has investigated complaints against many different types of entities which encompass the following types of businesses:

  • National pharmacy chains;
  • Major medical centers;
  • Group health plans;
  • Hospital chains; and
  • Small provider offices.

In another 11,399 cases, OCR investigations found no violation had occurred. Additionally, in 25,714 cases, OCR has intervened early and provided technical assistance to HIPAA covered entities, their business associates, and individuals exercising their rights under the Privacy Rule, without the need for an investigation.

The current report provides basic statistics from April 14, 2003 through January, 2018 related to Corrective Action Obtained, No violation found and total complaints investigated. The status of all privacy rule complaints, total investigated resolutions and investigated resolutions are also reported.

From the compliance date to the present, the compliance issues investigated most are, compiled cumulatively, in order of frequency:

  • Impermissible uses and disclosures of protected health information;
  • Lack of safeguards of protected health information;
  • Lack of patient access to their protected health information;
  • Lack of administrative safeguards of electronic protected health information.
  • Use or disclosure of more than the minimum necessary protected health information

The most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:

  • General Hospitals;
  • Private Practices and Physicians;
  • Outpatient Facilities;
  • Pharmacies; and
  • Health Plans (group health plans and health insurance issuers).

 

Have questions? I’m here to help.

This field is for validation purposes and should be left unchanged.
This field is for validation purposes and should be left unchanged.
Categories
Accounting and Tax Services Litigation Support Managed Care Consulting Managed Care Contract Negotiations Medical Practice and Healthcare Entity Valuation Medical Practice Assessment Medical Practice Brokerage Medical Practice Embezzlement Consulting Medical Practice Management Medical Practice Merger Advice Medical Strategic Planning Newsletter Personal Financial Planning Oversight Physician Compensation Models Physician Compliance Physician Financial Management Services Retirement Uncategorized
About Reed Tinsley, CPA

As a top advisor to physicians, I help increase practice profits by delivering hands-on, expert medical accounting/tax support, practice counsel, and revenue-building strategies. Read More >

Reed Tinsley, CPA