OIG Report Criticizes CMS Oversight of HIPAA Security Compliance

The American Health Lawyer's Association (www.healthlawyers.org) reports that The Centers for Medicare and Medicaid Services (CMS) needs to be more proactive in overseeing and enforcing implementation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule according to the Department of Health and Human Services Office of Inspector General (OIG). Could this mean more audits for healthcare providers in the future?

According to the OIG, CMS’ complaint-driven enforcement approach to ensuring covered entities comply with HIPAA security requirements fails to address a number of “significant vulnerabilities”; this was identified during iOIG audits of various hospitals nationwide.

According to the OIG, many of the vulnerabilities it identified would not have been flagged by HIPAA Security Rule complaints. As of October 31, 2005, CMS received only 413 potential Security Rule complaints out of more than 16,000 total HIPAA complaints.

Read the report, Nationwide Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight (A-04-07-05064).

About the Author

Reed Tinsley CPA

This article is written by Reed Tinsley, a Houston, TX-based CPA with over 30 years of experience advising physicians and medical practices across Texas and the United States. Reed holds certifications as a Certified Valuation Analyst (CVA), Certified Healthcare Business Consultant (CHBC), and Certified Financial Planner (CFP), specializing exclusively in the healthcare sector. He is a published author, nationally recognized speaker, and trusted advisor to physicians on accounting & tax, practice management, and financial planning. Schedule a Free Consultation.