Health Information Privacy/Security Alert Focuses on HHS Referrals of HIPAA Privacy Complaints to Other Federal, State Regulators; Oct. 12 Audio Seminar Helps Healthcare Cope with Government Investigations

Business Wire, Oct 3, 2005

ALEXANDRIA, Va. -- The HHS Office for Civil Rights (OCR) is referring HIPAA privacy complaints to other state and federal regulators, including state human rights commissions, the Department of Education, the Social Security Administration and the Equal Employment Opportunity Commission.

As of August 31, OCR received 15,00 privacy complaints and is averaging 600 new complaints monthly, according to Melamedia's independent newsletter, Health Information Privacy/Security Alert. With the HIPAA security rule in effect, CMS also established a complaint system.

To meet these challenges, HHS trained about 200 regional investigators to pursue HIPAA complaints.

"The referrals to other agencies show that HIPAA created a broad channel for patients and employees to vent concerns over healthcare information practices," observed Dennis Melamed, editor of the newsletter. "These referrals also suggest that when HIPAA investigators call, organizations should worry about visits from other state and federal regulators about possible violations of other state and federal privacy and security laws."

Virtually every state has adopted or is considering stronger privacy and security requirements to protect consumers from identity theft. So local police and the FBI may get involved in privacy and security breaches.

Healthcare must develop procedures to respond to the almost inevitable call from enforcement agencies when they investigate privacy and security complaints. To assist healthcare develop appropriate strategies, Health Information Privacy/Security Alert is producing a 90-minute audio seminar on Wednesday, Oct. 12: RESPONDING TO GOVERNMENT INVESTIGATIONS OF MEDICAL PRIVACY AND SECURITY BREACHES.

The seminar details the actions organizations should consider when responding to privacy and security enforcement investigations. Among the topics: planning for HIPAA investigator visits; why privacy and security complaints may require different approaches; dealing with employee complaints; and establishing lines of communication with law enforcement.

The faculty features authorities with real world and practical experience in dealing with privacy complaints:

--RICHARD MEEKS, the University of Washington's HIPAA Compliance Officer, manages the HIPAA Program Office for the university's medical centers.

--JOHN R. CHRISTIANSEN, a principal in Christiansen IT Law, focuses on the implementation and management of healthcare information technology and is Co-Chair of the American Bar Association's Committee on Healthcare Privacy, Security and Information Technology.

To register for the seminar, visit www.melamedia.com or call (703)704-5665.