[ Thursday, October 07, 2010 ]
News From HIPAA Summit West
Jeff [10:40 AM]
- The HITECH regs generated 550 comments; HHS expects to have a final rule by late this year or the spring of 2011.
- 160 big breaches (500+) reported so far; 8500 small breaches.
- Hacking accounts for a very small number of breaches. Don't focus so much on technical solutions that you forget physical solutions (i.e., keeping your laptops safe from theft).
- However, "Encrypt, encrypt, encrypt. We can't say that enough."
- Complaint level ebbs and flows between 6,000 and 9,000 per year, but the top 4 complaints remain consistent: improper use, lack of safeguards, failure to provide access, and violation of the minimum necessary rule.
- 2/3 of OCR investigations result in some corrective action, while 1/3 find no violation.
- OCR likes settlements, and prefers them to civil money penalties, because it means the perpetrator is cooperating and resolving the issue. But if a covered entity doesn't cooperate, OCR will not hesitate to levy a stiff CMP.