![dataloss logo](/images/dataloss-logo.png)
BreachExchange mailing list archives
VA, CVS Health receive most OCR closure letters for HIPAA complaints
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 25 Jul 2016 16:46:18 -0600
http://www.fiercehealthcare.com/it/va-cvs-health-receive-most-ocr-closure-letters-for-hipaa-complaints The Department of Veterans Affairs and CVS represent the two entities that have received the most HIPAA complaints resulting in corrective-action plans or technical assistance from the Health and Human Services Department's Office for Civil Rights, according to a ProPublica report. ProPublica, in 2015, created a HIPAA Helper website that allows users to search for data breaches, privacy complaints or HIPAA violations by specific healthcare facilities, providers or payers. Now, the publication has posted 300 “closure letters” sent between 2011 and 2014 by OCR; the information was obtained through Freedom of Information Act requests. CVS Health received more than 100 letters in that time frame, and the VA received a little more than 140. The OCR letters remind “providers of their legal obligations, advising them on how to fix purported problems, and, sometimes, prodding them to make voluntary changes,” according to the report. Some of the complaints to which the letters were responding included faxes going to the wrong doctor or employees snooping in patients’ files, ProPublica noted. Last year, ProPublica also called out the VA and CVS, as well as Walgreens, Kaiser Permanente and Walmart, for receiving repeated HIPAA complaints. Deven McGraw, deputy director for health information privacy at OCR, told the publication that more closure letters are not posted online because of budgetary restraints. In 2014, OCR received more than 17,000 complaints. “I do think it’s something that we should do, but we have to figure out the best way to make that happen,” McGraw said. “It is something we’re working on.” Representatives from CVS and the VA previously told ProPublica that privacy and security of patient information is very important, according to the article.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- VA, CVS Health receive most OCR closure letters for HIPAA complaints Audrey McNeil (Jul 26)