In the past CMS was responsible for enforcing HIPAA's Security Rule. As indicated here, the HITECH Act turns HIPAA into a potential money machine for HHS.
13410(c): In general, proceeds from certain civil fines shall be transferred to HHS/OCR to be used for enforcement and individuals may participate in the distribution of these proceeds.
>>
Secretary Delegates HIPAA Security Rule to OCR
On August 3, 2009 OCR announced that the Secretary of Health and Human Services has delegated to the Director of OCR the authority to administer and enforce the HIPAA Security Rule. This action by Secretary Sebelius will improve HHS’ ability to protect individuals’ health information by combining the authority for administration and enforcement of the Federal standards for health information privacy and security called for in the HIPAA.
The transition of authority for the administration and enforcement of the Security Rule is expected to be seamless with no interruption in the management or processing of any complaints filed prior to the transition. Consumers may continue to submit HIPAA security complaints using the on-line resource – the Administrative Simplification Enforcement Tool (ASET), found at https:htct.hhs.gov/aset. New security complaints may also be sent to the Office for Civil Rights. For more information and detailed instructions on how to submit a complaint to OCR, visit the OCR website: http://www.hhs.gov/ocr/privacy/hipaa/complaints/. The transition of security complaints from CMS to OCR has no impact on how complaints about Transactions and Codes Sets or Unique Identifiers are filed or processed. CMS retains its enforcement authority for these other HIPAA rules.
View the Federal Register notice of the Delegation of Authority at http://www.hhs.gov/ocr/privacy/srdelegationofauthority2009.pdf and the Secretary’s press release at http://www.hhs.gov/news/press/2009pres/08/20090803a.html.
>>
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?
