On November 26, the U.S. Department of Health and Human Services’ Office for Civil Rights released guidance on methods for de-identification of protected health information in keeping with the HIPAA Privacy Rule (as required under the HITECH Act). The guidance answers questions related to each of the permissible de-identification methods – the expert determination… Continue Reading
Following an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), the Alaska Department of Health and Social Services (DHSS), Alaska’s state Medicaid agency, agreed to pay $1.7 million in fines and to comply with a corrective action plan (CAP) to address gaps in its compliance with the HIPAA Privacy and Security Rules.
The U.S. Department Health and Human Services Office of the Inspector General issued two reports yesterday criticizing the Centers for Medicare and Medicaid Services (“CMS”) and the Office of the National Coordinator for Health IT (“ONC”) for doing too little to protect the security of patient health information. The first report, Nationwide Rollup Review of the Centers for Medicare & Medicaid Services HIPAA Oversight, found that CMS oversight and enforcement “were not sufficient to ensure that covered entities, such as hospitals, effectively implemented the Security Rule.”