[ Friday, December 14, 2007 ]
Beware HHS audits of electronic patient data systems:
that's the message being pushed at the 15th annual HIPAA summit this week (I admit, I'm not there, just reporting what I'm hearing). In fact, BNA has an article (subscription required) on it. Snippet:
Jeff [12:12 PM]
The next time the Department of Health and Human Services conducts a HIPAA compliance audit on a hospital that maintains electronic data on patients, the chief information, security, and privacy officers are likely to have a very bad day.
That was the message several speakers delivered Dec. 12 to hospital privacy and security professionals attending the 15th Annual HIPAA Summit. Their warnings come after a reportedly rigorous audit of the electronic systems at Atlanta's Piedmont Hospital by HHS's Office for Civil Rights, the agency in charge of privacy compliance under the Health Insurance Portability and Accountability Act (HIPAA).
"There has been a dramatic change at OCR," said attorney Marc Goldstone, who observed that for the last seven years, the office has been a "nice guy" helping health care institutions comply with the law. Goldstone, general counsel at Community Health Systems, added that Piedmont was "pretty well managed" and considered HIPAA-compliant. According to the hospital's Web site, it was deemed by U.S. News and World Report one of the nation's "most wired" hospitals in 2004, 2005, and 2006.
Goldstone said that neither OCR nor Piedmont has revealed the results of the March audit. As bad as it might have been, "they're still in business," he commented.