OIG Report: CMS Not Perfect with Breach Notification Rules | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

OIG Report: CMS Not Perfect with Breach Notification Rules

October 12, 2012
by Gabriel Perna
| Reprints

According to a recent audit by the Department of Health & Human Services' Office of the Inspector General (OIG), the Centers for Medicare and Medicaid Services (CMS) could improve the database in which it lists all of the breaches of protected health information is has had since 2009. Also, while CMS did notify 13,775 Medicare beneficiaries affected by the breaches, it did not meet several American Recovery and Reinvestment Act (ARRA) requirements.

The study, from OIG, looked at how effective CMS has been in notifying the affected Medicare beneficiaries when their protected health information has been breached, as required by the ARRA. The audit looked to determine the extent to which CMS’ response met the notification requirements in the ARRA by looking at its response to medical identity theft involving beneficiary and provider Medicare identification numbers and the remedies it offers to beneficiaries and providers.

The audit found that between Sept. 23, 2009 and Dec. 31, 2011, CMS reported 14 breaches. While it did make progress in responding to medical identity theft by developing a compromised number database for contractors, it failed on several requirements. Along with the database, it did not consistently develop edits to stop payments on compromised numbers. Also, the audit’s authors say CMS offers some remedies to providers but fewer to beneficiaries affected by medical identity theft.

For its recommendations, OIG recommended CMS ensure that breach notifications meet Recovery Act requirements, improve the compromised number database, and provide guidance to contractors about using database information and implementing edits. It also recommended CMS develop a method for ensuring that beneficiaries who are victims of medical identity theft retain access to needed services and one for reissuing identification numbers to beneficiaries affected by medical identity theft.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.