In the past CMS was responsible for enforcing HIPAA's Security Rule. As indicated here, the HITECH Act turns HIPAA into a potential money machine for HHS.
13410(c): In general, proceeds from certain civil fines shall be transferred to HHS/OCR to be used for enforcement and individuals may participate in the distribution of these proceeds. >>
Secretary Delegates HIPAA Security Rule to OCR
On August 3, 2009 OCR announced that the Secretary of Health and Human Services has delegated to the Director of OCR the authority to administer and enforce the HIPAA Security Rule. This action by Secretary Sebelius will improve HHS’ ability to protect individuals’ health information by combining the authority for administration and enforcement of the Federal standards for health information privacy and security called for in the HIPAA.
The transition of authority for the administration and
enforcement of the Security Rule is expected to be seamless with no interruption
in the management or processing of any complaints filed prior to the transition.
Consumers may continue to submit HIPAA security complaints using the on-line
resource – the Administrative Simplification Enforcement Tool (ASET), found at
https:htct.hhs.gov/aset. New
security complaints may also be sent to the Office for Civil Rights. For more information and detailed
instructions on how to submit a complaint to OCR, visit the OCR website: http://www.hhs.gov/ocr/
View
the Federal Register notice of the Delegation of Authority at http://www.hhs.gov/ocr/
>>
Check out a FREE EHR Checklist. If you would like more information regarding EHR implementations and related compliance issues sign up for our FREE HITECH/HIPAA Compliance Newsletter.
