CMS Has Started Prosecuting Website HIPAA Violations

Posted by Josh Padnick
June 26th, 2006 · Posted in HIPAA

I wish I could point to a news article or URL on this story, but this one is purely through the grapevine. 

Earlier today I spoke with a HIPAA Compliance Expert who recently received a phonecall from a chiropractor on the East Coast.  This chiropractor apparently offered online patient registration on his website — a feature which clearly represents Protected Health Information under HIPAA.  One of his patients noticed that the registration form on his website was not encrypted…

SSl versus Unencrypted Websites

Apparently, the patient complained directly to CMS, and CMS has now asked the chiropractor to produce his HIPAA security plan (one of the elements required by HIPAA) within 30 days or else face fines of up to $100/violation capped at $250,000 and possibly jail time.  Yikes!

I’ve seen no shortage of practice websites that have these violations.  It will be interesting to see if news of this gets spread, and if so, how that affects people’s anxiety about HIPAA.

 « A Successful Showing at BONES How Would You Describe Your Current Website? »   

You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.

 
Entries (RSS) · Comments (RSS) · The Official Blog of Omedix