« The Future Of SIEM | Main | On Natural Flow of Log Management »

HIPAA: Report Shows Most Complaints Not Investigated - IT Compliance

The motivation to get HIPAA compliant shouldn't be to avoid getting sued - it should be to protect your informaiton assets. Saying that, we do wonder how many will be motivated to comply with a mandate that isn't being enforced - according to Government Health IT "Most privacy complaints are not investigated":

"The Department of Health and Human Services investigated less than 25 percent of 22,964 privacy complaints submitted to HHS’ Office for Civil Rights (OCR) from April 2003 through September 2006"

"Melamedia found that of the 5,400 complaints investigated – all of which were filed against health care organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) – OCR officials took informal action in 3,700 cases. Officials absolved the accused health care organizations in 1,700 others."

Will the new False Claims Act Guidelines coming into play with HIPAA enforcement, will enforcement activities will increase? Perhaps. As Rebecca points out:

A significant motivator for compliance is that beginning in 2007, "whistleblowers" for violators of the new guidelines will be awarded 15% - 25% of any associated fines, depending upon the situation. This could definitely motivate employees, former employees, and patients/customers to report what they believe are HIPAA violations when they may not have to date.

This could bring the Department of Justice (DOJ) into the HIPAA compliance and enforcement mix.

The real question is, "will compliance activities increase? Read more here and here...

Posted January 08, 2007 in Compliance | Permalink

Visit loglogic.com

Subscribe to this blog’s feed

• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005
• October 2005
• September 2005

Blogroll

• CynergisTek
• Bruce Schneier
• InfoSecDaily

Compliance

• Continuity Central
• Compliance Pipeline
• SOX Compliance Journal
• Sarbanes-Oxley 101

Good Reading

• Log Management ROI
• Log Management Best Practices
• SANS Institute Log Management White Paper

LogLogic

• O’Reilly
• Anton Chuvakin
• LogLogic.Com
• Jian Zhen

LogLogic Partners

• Juniper Networks
• ONStor
• Counterpane
• Bluecoat

Sites We Watch

• The Merc
• CRN
• IT Architect
• The Reg
• Security Focus
• Slashdot
• TechWeb
• SANS
• C/Net
• CIO Insight
• InformationWeek
• Jamie Lewis - Burton Group
• eWeek
• IT Manager's Journal
• MIT Magazine
• VNU