In an interview with Howard Anderson over at healthcareinfosecurity.com, OCR’s Leon Rodriguez gives some interesting insight into OCR’s audit program.
Here are some highlights of the interview:
- Due to funding cuts and the capacity of KPMG, the firm hired to conduct the audits, the agency may come up short of the 150 planned audits.
- OCR funding cuts “will likely be more than offset by income from monetary penalties the office collects from HIPAA violators, which can be used to fund enforcement.”
- There is a “reasonable likelihood” that the audit program will continue into 2013.
- “You really still do have significant security vulnerabilities out there,” Rodriguez says. “And sometimes those issues are as fundamental as no evidence of a risk analysis, no policies and procedures and no adequate technical safeguards for data.”
One of the takeaways is that although the OCR budget has been cut by $2 million in 2013, the agency plans to offset the cut with the HIPAA fines it collects. That makes it clear that enforcement and fines are here and they are real.