
OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

By BAS

The U.S. Department of Health & Human Services Office for Civil Rights (OCR) recently issued two reports to Congress on compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). These reports, required by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, play an important role in promoting privacy and security standards for protected health information.

The first report focuses on HIPAA Privacy, Security, and Breach Notification Rule compliance, outlining the minimum required safeguards for protected health information and individuals’ rights to access their health data. Notably, it sheds light on OCR’s investigations of complaints, breach reports, and compliance reviews, providing insights into areas of noncompliance and emerging trends, such as cybersecurity readiness.

The second report addresses breaches of Unsecured Protected Health Information, spotlighting the number and nature of breaches reported to the HHS Secretary. It underscores that covered entities need to enhance compliance with HIPAA Security Rule requirements, particularly in areas like risk analysis, information system activity review, and response protocols.

In a statement, OCR Director Melanie Fontes Rainer emphasized the significance of these reports, urging covered entities to proactively address potential compliance issues. Rainer highlighted the importance of staying abreast of HIPAA trends to mitigate risks of breaches and OCR investigations.

Highlighted in the reports are staggering figures: in 2022 alone, OCR received over 30,000 complaints, resolving a significant portion with corrective actions and monetary penalties. Hacking incidents emerged as the leading cause of breaches affecting the most individuals, underscoring the ongoing cybersecurity challenges.

These reports not only provide valuable data for regulatory compliance but also serve as a call to action for covered entities to bolster their data security measures in an ever-evolving digital landscape.


This article is for informational purposes only and is not intended as legal, tax, or benefits advice. Readers should not rely on this information for taking (or not taking) any action relating to employment, compliance, or benefits. Always consult with a qualified professional before making decisions based on this content.
