[ Tuesday, December 06, 2005 ]
HIPAA complaints etc:
From Alan Goldberg: unofficially, as of the end of November, OCR has received about 17,000 complaints and closed about 70% of them. Many of the closures are due to the fact that the complaint isn't really a HIPAA complaint, isn't a HIPAA privacy complaint, is about a non-covered entity, or otherwise isn't relevant to HIPAA, about a third of the closed complaints were taken care of with informal discussions between OCR and the covered entity. So far there have been no proceedings in front of any administrative law judges (courts for regulatory enforcement), but about 250 cases have been referred to the US Department of Justice for possible pursuit of criminal charges. I'd suspect much of those are identity theft issues involving low-level administrative personnel.
OCR enforces the Privacy Rule, but CMS enforces the Security and Transaction and Code Sets Rules. OCR has received about 400 TCS complaints and about 50 Security complaints. So far, CMS hasn't tried to recover monetary penalties from the covered entities that are subject of their complaints or referred anyone to the Department of Justice for criminal prosecution, but most of the complaints that had merit have resulted in corrective action by the offending covered entity.
Interesting. Thanks, Alan.
Jeff [11:47 AM]
Blogger: HIPAA Blog - Edit your Template