[BreachExchange] VA, CVS Health receive most OCR closure letters for HIPAA complaints
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Jul 25 18:46:18 EDT 2016
http://www.fiercehealthcare.com/it/va-cvs-health-receive-most-ocr-closure-letters-for-hipaa-complaints
The Department of Veterans Affairs and CVS represent the two entities that
have received the most HIPAA complaints resulting in corrective-action
plans or technical assistance from the Health and Human Services
Department's Office for Civil Rights, according to a ProPublica report.
ProPublica, in 2015, created a HIPAA Helper website that allows users to
search for data breaches, privacy complaints or HIPAA violations by
specific healthcare facilities, providers or payers.
Now, the publication has posted 300 “closure letters” sent between 2011 and
2014 by OCR; the information was obtained through Freedom of Information
Act requests.
CVS Health received more than 100 letters in that time frame, and the VA
received a little more than 140.
The OCR letters remind “providers of their legal obligations, advising them
on how to fix purported problems, and, sometimes, prodding them to make
voluntary changes,” according to the report.
Some of the complaints to which the letters were responding included faxes
going to the wrong doctor or employees snooping in patients’ files,
ProPublica noted.
Last year, ProPublica also called out the VA and CVS, as well as Walgreens,
Kaiser Permanente and Walmart, for receiving repeated HIPAA complaints.
Deven McGraw, deputy director for health information privacy at OCR, told
the publication that more closure letters are not posted online because of
budgetary restraints. In 2014, OCR received more than 17,000 complaints.
“I do think it’s something that we should do, but we have to figure out the
best way to make that happen,” McGraw said. “It is something we’re working
on.”
Representatives from CVS and the VA previously told ProPublica that privacy
and security of patient information is very important, according to the
article.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160725/aa8d2498/attachment.html>
More information about the BreachExchange
mailing list