CMS shifts HIPAA security rule responsibility to Office of Civil Rights

The Centers for Medicare and Medicaid Services (CMS) has redelegated the responsibility and enforcement of the Health Insurance Portability and Accountability Act (HIPAA) security rule to the Office of Civil Rights (OCR), according to a notice in Monday's Federal Register.

The OCR now will administer and make decisions regarding the interpretation, implementation and enforcement of the HIPAA regulations security rule. Lisa Gallagher, senior director of privacy and security at the
Healthcare Information and Management Systems Society (HIMSS), said in an interview that the office also will bear responsibility to issue changes to guidances and policy.

Gallagher
explained that until this point, the two departments had been sharing responsibilities. As a result, every complaint required the Department of Health and Human Services (HHS) and OCR to collaborate, which slowed the process down considerably.

"Now, all complaints will be handled within one organization, which should increase efficiency" she noted.


According to CMS, the OCR will have the following HIPAA authorities, except for:
  • Imposing civil money penalties under the Social Security Act for a covered entity's failure to comply with certain requirements and standards;
  • Issuing subpoenas to require the attendance and testimony of witnesses and the production of any evidence that relates to any matter under investigation or compliance review for failure to comply with certain requirements and standards; and
  • Making exception determinations, under the Social Security Act, concerning when provisions of state laws that are contrary to the federal standards are not preempted by the federal provisions.

According to HHS Secretary Kathleen Sebelius, "This delegation to the [CMS] Administrator also excludes the authority to issue regulations and to hold hearings and issue final determinations if the respondent has requested a hearing on the imposition of civil monetary penalties. This delegation shall be exercised under the Department's existing delegation of authority and policy relating to regulations."

Around the web

Richard Heller III, MD, RSNA board member and senior VP of policy at Radiology Partners, offers an overview of policies in Congress that are directly impacting imaging.
 

The two companies aim to improve patient access to high-quality MRI scans by combining their artificial intelligence capabilities.

Positron, a New York-based nuclear imaging company, will now provide Upbeat Cardiology Solutions with advanced PET/CT systems and services.