On May 31, 2011, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) that would provide individuals with a new right under HIPAA. The NPRM would allow individuals to request an “access report” from HIPAA covered entities that must reflect virtually every instance of access to their electronic protected health information (ePHI), including all access by individual employees. Weeks later, OCR followed the NPRM’s release with an announcement on July 7, 2011 that it had entered into an $865,000 settlement with the University of California at Los Angeles Health Systems (UCLAHS) to resolve potential HIPAA violations raised by celebrity complainants who claimed that employees of UCLAHS repeatedly looked at their ePHI without a permissible purpose. Employee “snooping” of this nature is precisely the type of behavior that the new “access report” described in the NPRM would capture. Individuals’ ability to request such reports from covered entities (and OCR’s ability to do the same) not only creates a new and burdensome obligation for covered entities, but also creates new enforcement risks in the process.
OCR’s enforcement action against UCLAHS followed an extended period in which employees allegedly repeatedly accessed ePHI of many patients, including several celebrity patients, when they did not have any job-related need to access the data. OCR’s investigation of this potential HIPAA violation led to the identification of multiple alleged deficiencies by UCLAHS under the Privacy and Security Rules. These included failing to implement security controls to reduce the risk of impermissible access, failing to provide Security Rule training, and failing to apply appropriate sanctions against workforce members who violated UCLAHS policies and procedures. The end result for UCLAHS was imposition of an $865,500 resolution amount and a Corrective Action Plan (CAP). The CAP has a three-year duration that begins once OCR approves the “Monitor Plan” established by UCLAHS, which includes, among other items...
Please see full article below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.