HHS inspector general blasts CMS over lack of HIPAA enforcement

WASHINGTON, D.C. — The inspector general’s office at the Department of Health and Human Services (HHS) has criticized the Centers for Medicare and Medicaid Services (CMS) for its soft enforcement of the Health Insurance Portability and Accountability Act (HIPAA).

In a 19-page letter addressed to acting CMS administrator Kerry Weems, the inspector general’s audits of hospital security show “numerous, significant vulnerabilities” that put patient data “at high risk.”

According to Modern Healthcare, the report said the CMS has done a good job establishing a mechanism to receive complaints from the public about security issues at healthcare organizations and also has effectively followed up with those organizations to remedy problems mentioned in the complaints. But that method alone was not enough to adequately safeguard patient information.

For a copy of the report, click here.

HHS inspector general blasts CMS over lack of HIPAA enforcement.