HIPAA Privacy Rule Assistance
The Privacy Rule requires health plans, most health care providers and health care clearinghouses to comply with its standards. This rule is enforced by the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS). The HHS began enforcing the Privacy Rule as of April 14, 2003.
Over the last four years, HHS has obtained significant changes in the privacy practices of covered entities through its enforcement program. The corrective actions HHS has obtained from these entities have resulted in systemic change that affects all the individuals they serve.
The HHS has a helpful website that explains some of these changes. The site is divided into the following sections:
Enforcement Process
- How OCR Enforces the HIPAA Privacy Rule, including what complaints the OCR will follow up on, how entities will be notified, possible options if a violation is found (primarily voluntary compliance, corrective action and/or a resolution agreement), and what can happen if a violation is not corrected.
- What OCR Considers During Intake & Review of a Complaint, including that the action must have taken place after April 14, 2003; the complaint must be filed against an entity that is required by law to comply with the Privacy Rule (and defines those entities); it must allege an activity that, if shown to be true, would violate the Privacy Rule; it must be filed within 180 days of when the person submitting the complaint knew or should have known it was a violation; and the OCR must know the identity of the person who filed the complaint and have a way to talk to them and investigate the case further.
- Flowchart of the complaint process, including intake, investigation and resolution stages
Enforcement Highlights
- Privacy Rule Enforcement Highlights, which includes statistics about the number of cases and complaints that have been received and investigated by the OCR. This section includes the 5 most frequently investigated claims and the top 5 most common types of covered entities that have been required to take corrective action to achieve voluntary compliance.
- Numbers at a Glance – this section includes statistics and graphs that explain the Status of All Complaints, Total Investigated Resolutions through March 31, 2007, and Investigated Resolutions through December 31, 2006.
Case Examples
- By Issue
  - Impermissible Uses & Disclosures
  - Lack of Safeguards
  - Lack of patient access to their protected health information
  - Uses or Disclosures of more than the minimum necessary
  - Lack of or invalid authorization
- By Covered Entity
  - Private Practices
  - General Hospitals
  - Outpatient Facilities
  - Health Plans
  - Pharmacies
Site visitors also have the option to submit a question to the HHS about privacy practices. This is a great site for covered entities to learn more about the Privacy Rule, how to maintain compliance, and the role of the OCR in the process. For more information, please visit: http://www.hhs.gov/ocr/privacy/enforcement/