When President Obama signed into law the HITECH Act as part of ARRA in February 2009, it meant a bevy of changes to the existing HIPAA Privacy, Security, and Enforcement Rules.
The company, based in Prince George's County, MD, got hit in February with OCR's first civil money penalty for violations of the HIPAA Privacy Rule-a $4.3 million tab that included $3 million for failing to cooperate with the agency's investigation. OCR determined Cignet acted with "willful neglect" and did not take action to correct the violations, which allowed the agency to impose the highest level of fines based on its tiered penalty structure.
Test your knowledge of HIPAA: Is it permissible to leave voice messages on patients' home or work phones reminding them of appointments? Is it okay to use stickers on the outside of a patient's chart to remind us of his or her payer source? I need to take copies of documents home to finish up my clinical notes. Is this a violation of HIPAA?
Here's one trend industry observers say healthcare organizations can expect to see now and in the future: heightened patient awareness and concern about the security of their private medical data.
Organizations need to determine whether they have fully implemented the Security Rule. The HIPAA Security Rule has been around for a while, but many organizations have not implemented all of its requirements.
