CMS violated data breach notification requirements

The Centers for Medicare & Medicaid Services failed to meet federal  notification requirements when its Medicare patient database was breached, or  offer much help to beneficiaries whose protected health information was  compromised, an audit by the Department of Health & Human Services’  Inspector General found.

CMS had 14 breaches of protected health information (PHI) between Sept. 23,  2009, and Dec. 31, 2011, affecting 13,775 Medicare beneficiaries, according to  the HHS Office of the Inspector General (OIG). The beneficiaries were notified,  but CMS failed to meet several notification requirements detailed in the  American Recovery and Reinvestment Act, OIG found. Read more here courtesy of fiercehealthit.com