OCR has increased its staffing in the areas of privacy and security enforcement.

Historically, HIPAA’s enforcement has been limited to events stemming from complaints and the associated civil monetary penalties were often considered to be insufficient to deter other CEs.

Going forward, indicators suggest this will change:

• HITECH’s Breach Notification Rule made privacy and security weaknesses visible and public to the point where they cannot be ignored or dismissed
• Enforcement totals for 2011 were the highest ever, exceeding $6 million in fines
• OCR’s new director is an experienced prosecutor

HIPAA audits are just the latest enforcement channels. OCR still responds to complaints and reported breaches, but has also increased its staffing resources through hiring and training in the areas of privacy and security enforcement.

As OCR takes an aggressive approach towards oversight and enforcement, CEs should reconsider their past practices for HIPAA compliance so that they are well prepared for the new paradigm.

<< Previous | Next >>

Three steps to prepare for a HIPAA audit

Related content

• Privacy trends 2012
• What insurers need to know about medical loss ratio

Download

• Three steps to prepare for a HIPAA audit as a pdf

Contact us

• Glen E. Day
  Senior Manager
  Advisory Services
  +1 805 778 7030
  
  
• Reza Chapman
  Senior Manager
  Advisory Services
  +1 602 369 4952

Feedback

• Rate this article
• Leave a comment