HIPAA Complaints Leading to Fewer Formal Changes in Healthcare Privacy & Security Programs, Melamedia Analysis Finds

Latest analysis to take a fuller look at privacy and data security actions in the first 15 years of HIPAA enforcement

Patient complaints continue to be an effective way to get healthcare organizations to make changes to their privacy and security programs.”
— Dennis Melamed, Editor, Health Information Privacy/Security Alert

ALEXANDRIA, VA, US, November 14, 2018 /EINPresswire.com/ -- Fewer healthcare organizations are being required to make changes to their privacy and security programs due to patient complaints, according to an analysis of HHS data from 2008 through July 2018 by the independent newsletter, Health Information Privacy/Security Alert.

However, patient involvement is still playing a significant role in forcing healthcare organizations to make changes to their HIPAA programs as OCR responds to those complaints.

Actionable complaints invoking HIPAA, which were filed with the HHS Office for Civil Rights, fell steeply after 2014, according to the analysis. In 2015, 733 patient complaints prompted healthcare entities to make changes in health data privacy and security policies after OCR investigated compared to 1,288 in 2014.

That number fell again to 727 complaints in 2016, but started to rise again in 2017 when 863 patient complaints resulted in changes to healthcare policies and procedures. The overall level appears to be the on the same pace for 2018 with 515 patient complaints forcing changes through July 31.

“Patient complaints still continue to be an effective way to get healthcare organizations to make changes to their privacy and security programs,” observed Dennis Melamed, editor and publisher of Health Information Privacy/Security Alert. “OCR’s program to provide technical assistance is also partly based on patient complaints, and there have been thousands of instances in recent years in which healthcare entities have made changes In fact, OCR reported 3,000 instances in which it has provided such assistance through the first six months of 2018.”

A fuller exploration of health data privacy and security enforcement will be conducted in Melamedia’s 15th Annual Year-End Review of Medical Privacy and Data Security Enforcement. The webinar features Iliana Peters, former OCR Acting Deputy Director for Health Information Privacy.

Melamedia, LLC is regulatory affairs research and education company and has published Health Information Privacy/Security Alert – the first independent newsletter tracking health data confidentiality and security issues – since 1997.

Katalin Sugar
email us here
+1 703-704-5665