New Authority Enforces HIPAA Security

  • By
  • In CMS
  • August 17, 2009
  • Comments Off on New Authority Enforces HIPAA Security

Health and Human Services (HHS) Secretary Kathleen Sebelius announced Aug. 3 that the Office for Civil Rights (OCR) is the new authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

OCR has been responsible for enforcement of the Privacy Rule—which provides federal protections for personal health information held by covered entities and gives patients certain rights to that information—since 2003. As the new authority for the Security Rule, an HHS press release stated, OCR “will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.”

The Centers for Medicare & Medicaid Services (CMS)—the former HIPAA Security Rule administration and enforcement authority—will continue to administer and enforce HIPAA Administrative Simplification regulations.

“The transition of security complaints from CMS to OCR has no impact on how complaints about Transactions and Codes Sets or Unique Identifiers are filed or processed. CMS retains its enforcement authority for these other HIPAA rules,” OCR states in a July 27 press release.

HHS will continue to administer and enforce federal standards for health information privacy called for in HIPAA.

The newly delegated authority was made to improve enforcement of the Privacy and Security Rules, in accordance with a Health Information Technology for Economic and Clinical Health (HITECH) Act mandate.

“Security and privacy of health information are increasingly intersecting as the department works with the health industry to adopt electronic health records and participate in an even greater level of electronic exchange of health information,” said Secretary Sebelius in the HHS press release. “Privacy and security are naturally intertwined, because they both address protected health information. Combining the enforcement authority in one agency within HHS will facilitate improvements by eliminating duplication and increasing efficiency.”

For more information regarding HIPAA security and privacy regulations, please visit OCR Web site.

No Responses to “New Authority Enforces HIPAA Security”

  1. Mike says:

    HIPAA had brought a new revolution in the healthcare sector and had made a significant improvement especially in mishandling of vital health information and bringing down the medical cost. I know one website that provide multiformat HIPAA Privacy and HIPAA Security Training to individual as well as to group from healthcare organizations and covered entities. The HIPAA Training will help the organization to better understand HIPAA’s Administrative Simplification Act as well as how to create a framework for initiating and working towards a blueprint for HIPAA Privacy Compliance and to understand updated HIPAA security rules and regulations.

  2. Tina says:

    I just had a question about some of the HIPAA laws… Under the guidelines reguarding charging patients for copies of their medical records, if the doctor makes a contract of his or her own and has the patient sign it stating that a $40 transfer of records fee, or a $40 copy of records fee will be charged in order to change providers,…. is this still legal or do federal and state laws trump the doctors contract? And in the matters of medicaid insurance policy holders , will those laws also trump the contract or not.