The Office for Civil Rights has requested $46.7 million in funding in its FY 2010 budget, with 76 percent of new funding to go toward enforcing HIPAA regulations, according to a Health Data Management news report.
The federal list of major health information breaches that have occurred since September 2009 included 249 incidents affecting nearly 8.3 million individuals as of Tuesday. But the total number affected could surpass 10 million once details about the recent Health Net breach are added.
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).
Susan McAndrew of the HHS Office for Civil Rights discusses recent high-profile HIPAA cases, upcoming state attorneys general training and the pending HIPAA audit program.
The Office for Civil Rights is offering HIPAA enforcement training sessions for state attorneys general, aiming to aid them in investigating and seeking damages for HIPAA violations within their states, according to the U.S. Department of Health and Human Services.
The Office for Civil Rights (OCR) in the Department of Health and Human Services is expanding its fight against HIPAA security and privacy violations, as mandated by the HITECH Act. The OCR, a relatively small office with limited manpower, is now inviting the attorneys general of all 50 states to receive training in HIPAA enforcement.
It is estimated that nearly 1.5 million Americans are victims of medical identity theft, up slightly from last year, according to this comprehensive study. Alarmingly, the average cost to resolve a case of medical identity theft stands at $20,663, up from $20,160 in 2010.
Managing Information Security Risk: Organization, Mission, and Information System View (NIST Special Publication 800-39) provides the groundwork for a three-tiered, risk-management approach that “fundamentally changes how we manage information security risk at the federal level,” says Ron Ross, NIST Fellow and one of the principal authors of the publication.
HHS has now sent a clear message to entities bound by HIPAA: HIPAA must be taken seriously. Indeed, in the HHS press release related to the Mass General incident, OCR Director Georgina Verdugo indicated that entities bound by HIPAA must ensure they have an effective compliance plan in place in order to avoid enforcement penalties. Specifically, Verdugo stated, “[w]e hope the health care industry will take a close look at this [Mass General Resolution] agreement and recognize that OCR is serious about HIPAA enforcement.”
The ISA training consists of a four-hour online prerequisite course and exam covering PCI fundamentals, followed by an in-depth, two-day (down from the original three), instructor-led course and exam. Successful completion results in ISA qualification and a PCI ISA certificate.