HIPAA Enforcement to be Ramped Up
Healthcare Technology Trends for 2015 – HIPAA Journal
The Office for Civil Rights delayed its proposed round of compliance audits last year, and while no timescale has been provided for when they will recommence, OCR Director Jocelyn Samuels has promised they will do so ‘expeditiously’.
The OCR has come under pressure from the DHHS in recent months to take a more aggressive stance and increase enforcement of both the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA). Since the passing of the Omnibus Final Rule, random audits will be conducted on healthcare providers, health plans, healthcare clearing houses and business associates.
The OCR is expected to issue more financial penalties to violators of HIPAA Privacy and Security Rules over the course of the next 12 months. Assessments are expected to cover the Security Rule, Omnibus Rule and Breach Notification Rules, in addition to Privacy Rule requirements and patient access rights.
2014 saw the highest number of OCR settlements reached to date, including the substantial $4.8 million settlement with New York Presbyterian Hospital and Columbia University. The aggressive approach of the OCR is expected to continue in 2015.
District Attorneys may have been slow to exercise their rights under HITECH/HIPAA to enforce Privacy, Security and Breach Notification Rules, although four Attorney General’s Offices have now taken action against violators and more are expected to follow suit in 2015.
The Connecticut Supreme Court’s decision to allow plaintiffs to file lawsuits against healthcare providers that allow the plaintiffs’ Protected Health Information to be divulged has been seen as a game changer. It is likely to act as a precedent and lead to a plethora of lawsuits against healthcare providers that fail to prevent HIPAA breaches from occurring.
With financial penalties coming from two fronts and class action lawyers eager to sign up victims of breaches, 2015 promises to be an expensive year for any healthcare provider failing to implement the appropriate technical, physical and administrative safeguards to protect the privacy of patients.