A reader e-mailed a question this morning:
Do you know where I can find up-to-date data on HIPAA complaints filed? I’m trying to research current Privacy complaints submitted by category and resolution.
I spoke with my friend Bob Burns, who’s about as knowledgable a health IT expert there is, and he said that the original HIPAA law did not mandate any enforcement (although it did specifiy penalties) so there is no real HIPAA enforcement bureau yet. He did suggest that you can check with JCAHO, which does track HIPAA complaints for healthcare organizations.
The Centers for Medicare & Medicaid Services published in the March 25 Federal Register its procedures for filing non-privacy related HIPAA complaints. Effective April 25, persons who believe that a covered entity has violated any administrative simplification provision (including security and identifiers) may file a written complaint with CMS. Following receipt of a complaint, CMS will work with the covered entity to ensure compliance.
A new database to track HIPAA related complaints has been created but I haven’t seen it go live yet. Does anyone know any more about the HIPAA Information Tracking System (HITS)? Please leave a comment here or email me and I’ll send it to the reader.