New HIPAA Privacy Compliance and Enforcement Website

Tuesday 24 April 2007
Yesterday I received an email via the OCR-Privacy listserv announcing the launch of a new HHS web site on HIPAA Privacy Compliance and Enforcement.


I haven't had time to check out the new website but plan to in the coming days. While scanning the website I found the "Enforcement Highlights" and "Case Examples" sections very interesting. In the meantime, here is the press release issued in the email by HHS.

To coincide with the fourth anniversary of the enforcement of the HIPAA Privacy Rule, the Department of Health and Human Services (HHS) announced today the launch of an enhanced Web site that will make it easier for consumers, health care providers and others to get information about how the Department enforces health information privacy rights and standards. In launching the website, Winston Wilkinson, the Director of the HHS Office for Civil Rights, noted: "HHS has obtained significant change in the privacy practices of covered entities through its enforcement program. Corrective actions obtained by HHS from these entities have resulted in change that is systemic and affects all the individuals they serve."


The Health Information Privacy Web site provides comprehensive information about the Privacy Rule, which creates important federal rights and requirements to protect the privacy of personal health information. The enhanced Web site, http://www.hhs.gov/ocr/privacy/enforcement, provides information for consumers, health care providers, health plans and others in the health care industry about HHS’s compliance and enforcement efforts. The new information describes HHS activities in enforcing the Privacy Rule, the results of those enforcement activities, and statistics showing which types of complaints are received most frequently and the types of entities most often required to take corrective action as a result of consumer complaints. The other information on the Web site covers consumers’ rights to access their health information and significantly control how their personal health information is used and disclosed, as well as guidance about how to submit complaints about possible violations of the law and extensive guidance for entities who must comply with the rule.


HHS issued the patient privacy protections pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The first and only comprehensive federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers took effect on April 14, 2003. Developed by HHS, these standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. The regulation covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions (e.g., enrollment, billing and eligibility verification) electronically. HHS has conducted extensive outreach and provided guidance and technical assistance to providers and businesses to help them to implement the new privacy protections. These materials are available at http://www.hhs.gov/ocr/hipaa.