Skip to main content

is-hipaa-about-to-get-some-teeth

The healthcare world is abuzz with the news that the Department of Health and Human Services is auditing Atlanta's Piedmont Hospital:

Neither Piedmont nor the HHS has confirmed that the audit was launched, and few details about it have been disclosed publicly. But an HHS document obtained by Computerworld shows that Piedmont officials were presented with a list of 42 items that the agency wanted information on.

Among them were the hospital's policies and procedures on 24 security-related issues, including physical and logical access to systems and data, Internet usage, violations of security rules by employees, and logging and recording of system activities. The document also requested items such as IT and data security organizational charts and lists of the hospital's systems, software and employees, including new hires and terminated workers.

I didn't even know that HHS could audit a hospital under HIPAA. Of course, even if there is no ability to force changes, having an audit that finds holes creates a very clear liability. While HIPAA has always required strong authentication for remote access, the Centers for Medicare & Medicaid Services (CMS) issued a directive last December also requiring strong authentication.

Currently unrated

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom