CMS' Oversight of Security Rule "Not Sufficient" According to the OIG

This post was written by Gina M. Cavalier, Vicky G. Gormanly and Brad M. Rostolsky. On May 16, 2011, the Office of Inspector General ("OIG") published a report with the results from its nationwide review of the Centers for Medicare and Medicaid Services ("CMS'") oversight of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). In its review, the OIG sought to determine the sufficiency of CMS' oversight and enforcement actions pertaining to hospitals' implementation of the HIPAA Security Rule. Pursuant to the Security Rule, covered entities, such as hospitals, must implement technical, physical, and administrative safeguards for the protection of electronic protected health information ("ePHI"). According to the OIG, CMS' oversight and enforcement actions were "not sufficient," leaving limited assurance of the security of hospitals' ePHI. The report details the results from the OIG's audits of seven hospitals. The audits disclosed "numerous internal control weaknesses." Specifically, the OIG identified 151 vulnerabilities in the systems and controls intended to protect ePHI. Of these vulnerabilities, 124 were categorized as "high impact." These vulnerabilities placed the confidentiality, integrity, and availability of ePHI at risk. The consequences of the high impact vulnerabilities is that it (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization's mission, reputation, or interest; or (3) may result in human death or serious injury.

Read more detail on Recent Administrative Law Posts –

Legal notice about the CMS' Oversight of Security Rule "Not Sufficient" According to the OIG rubric : Hukuki Net Legal News is not responsible for the privacy statements or other content from Web sites outside of the Hukuki.net site. Please refer the progenitor link to check the legal entity of this resource hereinabove.

Do you need High Quality Legal documents or forms related to CMS' Oversight of Security Rule "Not Sufficient" According to the OIG?

This entry was posted in Administrative law and tagged , , , , , . Bookmark the permalink.

Leave a Reply