But Don't Worry, Your Health Information is Secure: the Enforcers are Themselves Incompetent and Broke

Another in my "But Don't Worry, Your Health Information is Secure" series (see http://hcrenewal.blogspot.com/search/label/medical%20record%20privacy) ... a promise blindly made by the healthcare information technology hyper-enthusiasts.

The Office of the Inspector General for HHS just issued a report finding that the Office of Civil Rights (OCR), which is charged with enforcing the HIPAA/HITECH law, had itself failed to adequately protect the security of the health information it handled. Specifically OIG found that OCR “focused on system operability to the detriment of system and data security.”

From “The Office for Civil Rights Did Not Meet All Federal Requirements in Its Oversight and Enforcement of the Health Insurance Portability and Accountability Act Security Rule”, p. ii (Nov. 2013). http://oig.hhs.gov/oas/reports/region4/41105025.asp

Summary:

The Office for Civil Rights (OCR) did not meet certain Federal requirements critical to the oversight and enforcement of the Health Insurance Portability and Accountability Act Security Rule (Security Rule). OCR had not assessed risks, established priorities, or implemented controls for its Federal requirements to provide for periodic audits of covered entities to ensure their compliance with Security Rule requirements. In addition, OCR's Security Rule investigation files did not contain required documentation supporting key decisions made because management had not implemented sufficient controls, ...
Source: Health Care Renewal - Category: Health Medicine and Bioethics Commentators Tags: computer security HHS HIPAA medical record confidentiality medical record privacy OCR Source Type: blogs