Health Information Compliance Alert

Privacy Rule Compliance Update

Now that the security rule has taken effect, are you wondering how privacy rule compliance is going? Here's the word straight from the government's mouth:
 

  •  HHS has received almost 12,000 privacy rule complaints since April 14, 2003. Of those, 65 percent have been closed. A few of the top reasons the agency closed complaints are a lack of jurisdiction, the complaint originated prior to the compliance date and the organization the complaint is lodged against is not a covered entity.
     
  •  The top five complaints lodged against providers (in order of highest to lowest amount) are impermissible use or disclosure of PHI, lack of adequate safeguards, refusal or failure to provide an accounting of disclosures, disclosure of more information than necessary and failure to obtain valid authorizations for disclosures requiring them.
     
  •  Complaints are alleged against private physician practices most often and against group health plans least often. Hospitals, pharmacies and outpatient facilities fall into the second, third and fourth slots. "The higher the level of patient contact a covered entity has, the more likely they are to receive a complaint," a CMS spokesperson explains.

    The Bottom Line: While providers are getting the hang of privacy rule compliance, complaints continue to filter in. Use your privacy reminders and annual training to reinforce your policies and procedures to cork potential privacy violations before they ruin your compliance program.
  • Other Articles in this issue of

    Health Information Compliance Alert

    View All