HIPAA Breach Case Study

536 Words3 Pages

1- HIPAA Enforcement rule became stricter
Because of the lack of compliance from many covered entities with HIPAA privacy and security rules, the enforcement rule is procreated. The Department of Health and Human Services HHS is given the power by the enforcement rule to look for any unauthorized access of PHI (Protected Health Information) in any covered entity against HIPAA Privacy rule. In the same time the enforcement rule gave The Department´s Office for Civil Rights the qualification to apply a criminal charge as penalties against HIPAA violation and for a person who commits an illegal act, who fail to introduce corrective measures within 30 days.
2007:
CMS announced the deadline for compliance with the National Provider Identifier (NPI)
It is mandated by HIPAA, that all health care providers use their NPI, which is an individual identification number, to identify themselves.
2008
OCR did not meet the federal requirement in …show more content…

Consistent with this contract, there are some necessary steps to comply
• Both covered entity and Business associates, have to develop the Breach notification policy and the steps to comply. (Breach means un unauthorized use or disclose of protected health information, which cause risk or harm to the individuals)
• The HITECH Act also requires a Business Associate to take action if a Covered Entity fails to comply with the Business Associate Agreement.
• If the contract between the covered entities and business associates is revoked, it is mandatory that the business associate return or eradicate all PHI received from covered entity.
Sources
Sayles, B. N., (2013), Health Information Management Technology: An Applied Approach. Chicago: American Health information management Association.

Solove, Daniel J., (2013). HIPAA Turns 10: Analyzing the Past, Present and Future Impact. Journal of AHIMA 84,