HIPAA Security Rule
Complaint Procedures Established

The Centers for Medicare and Medicaid Services (CMS) has issued guidelines for filing complaints of HIPAA Security Rule violations. The HIPAA Security Rules are effective April 20, 2005 for large plans and April 20, 2006 for small plans.

CMS is the entity charged with enforcing the HIPAA Security Rules. CMS has indicated that it will seek voluntary compliance with the Security Rules. It has set out guidelines for filing complaints, and for responding to such complaints.

In a nutshell, a complaint about a Security Rule violation must be filed, in writing, within 180 days of the date the violation became known, or should have become known. It must state, with specificity, the nature of the complaint, and must include contact information for the complainant.

Once the complaint is received, CMS will either determine that the complaint has no merit or, if it determines that the complaint does have merit, contact the relevant covered entity.

The covered entity will be asked to respond to the complaint within 30 days, although extensions may be granted. The covered entity can respond in one of three ways:

1. It can indicate that it has complied with all of the terms and conditions of the Security Rules.
2. It can state, with particularity, why it disagrees with the complaint.
3. It can set forth a plan of corrective action.

Once the issue has been resolved, CMS will monitor compliance with the corrective action plan, if applicable.

The information contained in this article is not intended to be legal, accounting or other professional advice. We assume no liability whatsoever in connection with its use, nor are these comments directed to specific situations.

Copyright 2009 take care plans