In a bit of turn-about is fair play, HHS reveals that Centers for Medicare and Medicaid Services failed to meet the patient notification deadline under the HITECH breach notification rule.  The report also cited some stats on medical ID theft.  CMS has a database of Medicare ID and claim numbers that have been used or are suspected of having been used in ID theft.  As of February 2012, the database had in excess of 280,000 beneficiaries and 5,000 providers.  CMS is supposed to be tracking unusual billing activity and establishing scores to identify claims for review but guidance is lacking on how to use the database and identifying billing and medical ID fraud.

http://www.govinfosecurity.com/medicare-lags-on-breach-notification-a-5194