HIPAA Complaints Reveal Public Concern About All Types of Organizations – Not Just Healthcare
Melamedia Analysis Shows OCR Strong Reliance on Education in Addition to Enforcement
ALEXANDRIA, VA, US, December 3, 2018 /EINPresswire.com/ -- The number of HIPAA complaints lodged by patients annually tripled from 2007 through 2017 – but not necessarily because of breach reporting under the HITECH Act, according to an analysis of HHS data by Melamedia2, LLC, publishers of Health Information Privacy Security Alert.
The most significant jump in patient complaints occurred when HHS Office For Civil Right (OCR) allowed individuals to lodge complaints online during FY 2015 (November 2014 through September 2015) In that time, the number of annual complaints rose from 16,391 in CY 2015 to 20,900 in CY 2016 and 24,816 in CY 2017.
Patient complaints only rose slightly after the HITECH Act required breach reporting in September 2009, the analysis revealed.
While the number of complaints lodged with OCR increased significantly after 2014, there was no dramatic increase in the number of complaints that uncovered significant HIPAA violations, according to Melamedia’s analysis. The number of more serious complaints that formally required organizations to change their practices generally has ranged from 150 to 250 per quarter since 2015.
At about the same time, OCR started to provide technical assistance to hundreds of HIPAA Covered Entities and Business Associates. This number of times that OCR has engaged in this more informal enforcement or “free consulting” has ranged between 400 and 600 per month in recent years, the Melamedia analysis indicated.
The increase in patient complaints also resulted in a jump in complaints about activities that were not HIPAA-related, the analysis found. OCR does not have a formal program for referring these complaints to other agencies, but over the years, HHS officials have said that these non-HIPAA complaints often deal with a variety of workplace and educational privacy issues.
“The increase in patient complaints lodged with OCR is a good indication that people are more concerned about the use of their health data outside of the healthcare system – regardless of whether they are related to HIPAA,” observed Dennis Melamed, editor and publisher of Health Information Privacy/Security Alert3. “That’s important to note because the difference between health data covered by HIPAA and not covered by HIPAA is not obvious to patients or consumer.”
A deeper discussion of the lessons1 from first 15 years of HIPAA enforcement, OCR’s current enforcement posture and the major developments in 2018 will be conducted in Melamedia’s 15th Annual Year-End Review of Medical Privacy and Data Security Enforcement on Dec. 18.
About Melamedia, LLC.
Melamedia, LLC is a regulatory research and publishing company. Since 1997, it has published Health Information Privacy/Security Alert, one of the nation’s leading independent publication focused on the security and confidentiality of patient and consumer health data.
Katalin Sugar
Melamedia
703-704-5665
email us here
1 http://www.melamedia.com/v/15thAnnual.Long.Description12-18.htm
2 http://www.melamedia.com
3 http://www.melamedia.com/Health_Information_Privacy_Security_Alert_p/hipsa.htm