OCR’s Publicly Disclosed Large Breaches Now Top 20 Million Impacted Individuals

May 16, 2012.  The Department of Health and Human Services’ (HHS) HIPAA/HITECH Act privacy and security enforcement arm, Office for Civil Rights (OCR), is responsible under the HITECH Act to publicly disclose privacy and security breaches that affect 500 or more individuals on its Breach Notification Web site.  With the now reported Utah Department of Health hacking/IT incident breach occurring in the period March 10-April 2, 2012 and affecting a reported 780,000 individuals, the total number in 435 breaches reported since September 22, 2009, now totals 20,079,189 impacted individuals.  Of the total number of breaches where location of breached information is known (e.g., electronic or hard copy source), 72% of…

READ MORE

HHS Publishes NPRM for HIPAA Health Plan Identifier and Delay for ICD-10 Compliance Date

April 17, 2012.  The Office of the Secretary of the Department of Health and Human Services (HHS) published today in the Federal Register its Notice of Proposed Rule Making (NPRM):  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and (CD-10-PCS Medical Data Code Sets. From the NPRM is the Summary of the Major Provisions: “a. HPID.  This rule proposes the adoption of the HPID [national unique health plan identifier] as the standard for the unique identifier for health plans and definitions for ‘Controlling Health Plan’ and ‘Subhealth Plan.’ The proposed…

READ MORE