It seems that every day it becomes more and more clear that the government is planning on enforcing HIPAA regulations. Patient data privacy and security is becoming their priority. This could have to do with the fact that almost 8 million patients have had their data breached over the past 2 years. And considering that many hospitals and medical practices are planning on implementing electronic medical records (EMR), the amount of data breaches are likely to increase.
Let’s take a look at 2 recent developments that clearly show patient data privacy and security and HIPAA enforcement is becoming a priority.
Former prosecutor and healthcare provider lawyer to head OCR
Leon Rodriguez, a former prosecutor and healthcare provider lawyer, has been appointed to head The Office of Civil Rights (OCR). OCR is responsible for enforcing HIPAA and HITECH regulations. The choice of a prosecutor to head OCR is very interesting and points to the fact that OCR plans on enforcing HIPAA. Rodriguez’s comments also clearly point out that patient data privacy and security are a priority.
OCR is “committed to using every vehicle it has to advance and enforce sensible protections for the privacy and security of individuals’ protected health information,” Rodriguez said at a Sept. 12 HHS briefing about consumer use of personal health records and other health IT.
ONC makes trust in Healthcare IT a priority
The Office of the National Coordinator for Health Information Technology (ONC) recently released their Federal Health Information Technology Strategic Plan for 2011 – 2015 (PDF). In the plan they define 5 goals. Goal #3 clearly addresses patient data privacy and security.
Goal III: Inspire Confidence and Trust in Health IT
Let’s take a look at some of the details that ONC provided in the plan:
To that end, the HHS Office for Civil Rights (OCR) is fulfilling new obligations under the HITECH Act to modify the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen the privacy and security protections for health information and the enforcement of and penalties for violating the HIPAA rules. These added privacy and security protections are an integral piece of the government’s increased efforts to broaden the use of IT in health care.
More insight comes from one of the strategies they defined:
Strategy III.A.2: Enforce existing federal privacy and security laws and maintain consistency with federal policy.
In order for providers and patients to have trust in health IT and information exchange, they must be confident that privacy and security laws are in place and will be enforced. OCR is charged with civil enforcement of the HIPAA Privacy, Security, and Breach Notification Rules, the primary federal regulations protecting health information. The HITECH Act strengthens OCR’s civil enforcement of the HIPAA Rules by establishing four categories of violations that reflect increasing levels of culpability; four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation; and a maximum penalty amount of $1.5 million for all violations of an identical provision during a calendar year. OCR also plans to conduct periodic audits that will assess covered entities’ and business associates’ compliance with the HIPAA Privacy and Security Rules. OCR will employ all of its enforcement tools – including imposing the increased penalty amounts for HIPAA violations, conducting compliance reviews, entering resolution agreements that are satisfactory to HHS for informally resolving indications of noncompliance, and conducting periodic audits – to improve compliance with the Privacy and Security Rules.
By both words and actions, the government is making their intentions clear. Patient data privacy and security along with increasing trust in Healthcare IT is their priority. No one should be surprised over the next year when they read headlines of HIPAA audits, large fines levied and what will seem like a major push for HIPAA enforcement. The writing is on the wall now.