Recent Comments by Director of HHS Stress HIPAA Audits and Enforcement Actions and the Need for Culture of HIPAA Compliance
According to the Department of Health and Human Services’ Office for Civil Rights (OCR), all covered entities should prepare for an OCR audit of their compliance with HIPAA. The agency will focus on widespread noncompliance “not any particular sector of the health care delivery system” and covered entities and business associates should create a culture of compliance. OCR will spearhead the increased federal enforcement effort addressing HIPAA regulations. The final HIPAA rule, published January 25, 2013, contains mandated increases in civil penalties for HIPAA violations and extends their reach to business associates.
In addition to implementing technical security standards to protect health information (PHI), OCR indicates that covered entities and business associates should focus on training employees involving, among other things, the proper handling of mobile devices that contain PHI. OCR indicates that the loss and theft of mobile devices remains the highest cause of health information breaches. Finally, OCR has been explicit that covered entities and business associates will face enforcement actions and civil monetary penalties for not having policies and procedures in place to comply with HIPAA.
If you have any questions regarding HIPAA compliance, or are facing an audit or enforcement action, in this era of heightened scrutiny, please free to contact us.