Press Release: Less Than 25% of Medical Privacy Complaints Merit HHS Investigation

Less Than 25% of Medical Privacy Complaints Merit HHS Investigation, Melamedia Seminar Reveals

Less than a quarter of the total medical privacy complaints lodged with the Department of Health and Human Services (HHS) were deemed eligible for further federal investigation of the targeted healthcare organizations covered by the Health Insurance Portability and Accountability Act (HIPAA), Melamedia, LLC reported today in its 3rd Annual Review of Medical Privacy and Security Enforcement.

Of the 22,664 complaints received by the HHS Office for Civil Rights (OCR) from April 2003, when the complaint system was started, through Sept. 30, 2006, approximately 5,400 (23.8%) merited further investigation or action, according to agency statistics.

Of the 5,400 complaints that were pursued, OCR took informal action in 3,700 cases. Of the remaining 1,700, OCR found that the covered healthcare organization named in the complaint had not violated the HIPAA privacy rule.

“These statistics raise a lot more questions than they answer,” observed Dennis Melamed, editor and publisher of the newsletter. “For example, does this mean that concerns over medical privacy are overblown? Or does it mean that the HIPAA privacy rule does not cover everyone it should? Or does it mean that the country got lucky and that the healthcare community has been protecting patient confidentiality but just didn’t have a way to prove it until HIPAA came along? We just don’t know,” he told seminar participants.

“While we shouldn’t read too much into these statistics,” Melamed said, “they do point out that we still do not have a grasp on how well we protect patient confidentiality. And that, by itself, is important to know as the U.S. pursues a national system of electronic health records and personal health records.

“I also give credit to OCR for issuing these statistics. The office clearly understood that these statistics would raise a lot more questions,” Melamed said. “This is a step in the right direction in helping policymakers and citizens understand some of the strengths and weaknesses in the systems the government has created to protect patient confidentiality.”

He also noted that the debate over electronic health records appears to have completely ignored the nation’s experience with HIPAA. “HIPAA created electronic transaction standards, which can reasonably be viewed as the first-born of electronic health records. However, few people appear to recognize that.

“Even more puzzling is why there has been no discussion of the HIPAA data security complaint system run by the Centers for Medicare and Medicaid Services (CMS),” Melamed said. ”This complaint system is focused exclusively on the security of electronic health records.”

CDs with the course materials from today’s seminar, including a further analysis of the latest OCR and CMS enforcement statistics are available from Melamedia, LLC at www.melamedia.com