The common misperception among healthcare providers that the Privacy Rule of the Health Insurance Portability and Accountability Act is not being enforced got a jolt of reality earlier this summer.
After reports of a data breach at one of its facilities, Seattle-based Providence Health & Services signed a "resolution agreement" with the Department of Health and Human Services in July, agreeing "to pay $100,000 and implement a detailed Corrective Action Plan to ensure that it will appropriately safeguard identifiable electronic patient information against theft or loss."
"The [corrective action plan] gives us some indication that the bar is being raised when it comes to HIPAA compliance," says Lisa Gallagher, director of privacy and security at the Healthcare Information and Management Systems Society, in Computerworld.
Ms. Gallagher debunked the myth that HIPAA is not enforced in Outpatient Surgery Magazine's June cover story, "Are Your EMRs Secure?" She warned that this widespread impression has led many "covered entities" to discount the importance of compliance with the Privacy Rule, even though the Centers for Medicare & Medicaid Services, with the help of PricewaterhouseCoopers, has begun conducting random audits at locations with reported violations of the law.
For advice on how to step up HIPAA compliance and raise awareness among your staff, check out Ms. Gallagher's data security quiz. The answers may surprise you.