HIPAA Complaints Vex Healthcare Organizations - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Healthcare // Security & Privacy
09:05 AM
Connect Directly

HIPAA Complaints Vex Healthcare Organizations

Since 2013, complaints to the Department of Health and Human Services have risen regarding Health Insurance Portability and Accountability Act violations.

EHR Jobs Boom: 8 Hot Health IT Roles
EHR Jobs Boom: 8 Hot Health IT Roles
(Click image for larger view and slideshow.)

The number of Health Insurance Portability and Accountability Act (HIPAA) violation complaints received by the Department of Health and Human Services spiraled upward in 2013. Complaints are on a similar high-speed trajectory for 2014, according to analysis by TrueVault.

"The number of complaints through May 2014 is up 45.7% over the number received through May in 2013, so we believe that we will continue to see complaints surge through 2014," Morgan Brown, vice president of growth at TrueVault, said in an interview. As of May 2014, there had been 6,701 complaints, versus 4,599 a year earlier.

Of those complaints, corrective action was required in 26% of cases HHS reviewed. Only 14% of complaints resulted in no action -- a statistic that "points to the severity of the problem of keeping patient data safe and secure," said Brown.

[Paraplegics can walk again, with help. Read First Robotic Exoskeletons For Paraplegia Win FDA Approval.]

Increased consumer awareness might be one reason, he said. Regulatory changes are another.

"At the same time, we'll see enforcement activity rise with the enactment of the new Omnibus Final Rule regulations that went into effect last year," he said. "The new rule introduced new, higher fines and requires that all business associates meet HIPAA compliance standards. Previously, only covered entities were subject to the law."

(Source: TrueVault)
(Source: TrueVault)

Jerome Meites, an HHS chief regional civil rights counsel, warned late last year that the government would pursue organizations more aggressively for HIPAA violations. Audits, which began in 2013, will continue through 2015, he said.

In addition, states enacted their own data security and enforcement policies. Of the approximately 90,000 complaints received through 2013, only 32,000 fell under the jurisdiction of the HHS Office of Civil Rights. Of these, 22,026 required corrective action, while investigation of 9,899 found no violation.

Of the 521 complaints the OCR referred to the Department of Justice for potential criminal justice, the DoJ has agreed to pursue only 54 of them.

Executives agreed that the Omnibus Rule will generate larger penalties and more criminal enforcement. "HIPAA is all about risk management," Art Gross, president and CEO of HIPAA SecureNow, told us. "I've seen the shift in awareness since last September with the Omnibus Rule."

Patients or others affected by a HIPAA breach have another recourse, too.

"There is no private cause of action under HIPAA, but that does not prevent aggrieved parties from suing companies who have caused a breach under common law for privacy violations and negligence, among other things," TrueVault's Brown said. "Also, individuals may lodge complaints with the government, which can investigate and bring enforcement actions."

Experts said healthcare organizations and their business associates should use the threat of more audits, penalties, and criminal enforcement as another incentive to invest more resources toward protecting patient data.

"With the growing number of mobile devices, tablets, and laptops used in patient management, healthcare organizations need to ensure that they have the proper administrative, physical, and technical safeguards in place as mandated by the law to ensure compliance and to reduce breaches. This includes both proper training and regular compliance audits with the staff and the proper technical safeguards to ensure that devices that are lost or stolen have data that is password protected and encrypted, and that devices can be remotely wiped as needed," Brown said. "In addition, healthcare organizations need to ensure that their technology partners are also compliant and are using best practices when it comes to device and data security."

Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and we offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators. Read our InformationWeek Elite 100 issue today.

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
[email protected],
User Rank: Strategist
12/14/2015 | 4:11:14 PM
Helpful Webinar
Visual eavesdropping is a greater threat than ever before for reasons well-articulated in this article—namely, more and more employees working in a mobile setting which increases the threats of data on the screen being left unsecured. The goal my team is working towards is to secure that data and do it in a way that doesn't cause a big disruption to the workflow. To that end, you can visit the website of PrivateEyeEnterprise--just Google that phrase and we'll come up. Visit the webinar section and we'll have a webinar available. 
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll