OCR Confirms Walgreens HIPAA Investigation
In addition, CVS must monitor its compliance with the HHS and FTC orders by having a third party conduct assessments and report to the federal agencies. The HHS corrective action plan lasts three years; the FTC requires monitoring for 20 years.
Rite Aid’s corrective action plan is similar.
The money collected by OCR through these settlements goes to “enforcement activities under the HITECH Act and the HIPAA Privacy and Security regulations,” OCR wrote in an e-mail to HealthLeaders Media.
John C. Parmigiani, president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD, and chair of the team that created the HIPAA Security Rule, says he doesn’t think HIPAA enforcement action will quiet down any time soon.
“Hopefully, this action will serve as a underscored wake-up call to the healthcare industry that enforcement of HIPAA Privacy and Security under HITECH is both serious business and will be rigorously applied,” Parmigiani says. “I predict this type of enforcement action will be repeated numerous times as we move into an intensified compliance environment for covered entities and business associates.”
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Resisting the Healthcare Consolidation Frenzy
- Give Nurses in Wheelchairs a Chance
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- 3 Better Ways to Market Bariatric Surgery
- HL20: George Halvorson—Expectations for Success
- Top 3 Health Plan Game Changers of 2013
- MGMA Urges 'End-to-End' ICD-10 Testing
- Scary Financial Challenges for 2014
- MU Compliance Announcement Sparks Concern, Confusion
- AMCs React to Being Shut Out of Some Exchange Plans