OIG Report Criticizes CMS Oversight of HIPAA Security Compliance

The American Health Lawyer's Association (www.healthlawyers.org) reports that The Centers for Medicare and Medicaid Services (CMS) needs to be more proactive in overseeing and enforcing implementation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule according to the Department of Health and Human Services Office of Inspector General (OIG). Could this mean more audits for healthcare providers in the future?

According to the OIG, CMS’ complaint-driven enforcement approach to ensuring covered entities comply with HIPAA security requirements fails to address a number of “significant vulnerabilities”; this was identified during iOIG audits of various hospitals nationwide.

According to the OIG, many of the vulnerabilities it identified would not have been flagged by HIPAA Security Rule complaints. As of October 31, 2005, CMS received only 413 potential Security Rule complaints out of more than 16,000 total HIPAA complaints.

Read the report, Nationwide Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight (A-04-07-05064).


Have questions? I’m here to help.