Leon Rodriguez, director of the U.S. Department of Health & Human Services’ (HHS) Office for Civil Rights (OCR), spoke this week at the HIMSS Privacy and Security Forum in Boston. Rodriquez gave some interesting insight into where HIPAA enforcement is going.
The permanent audit program is scheduled to be in place the beginning of 2014.
Narrow focus but more audits
But the audits will be narrower in scope than the 115 in the pilot program during 2012, helping pave the way for a higher number of organizations to be audited.
Covered Entities and Business Associates
“we will really look at the level of compliance at both covered entities and business associates,” Rodriguez stressed in his Sept. 23 presentation.
More fines will fund OCR’s budget
Rodriguez said he expects that OCR “will leverage more civil penalties.” And he noted that his office has approval to bank penalties it collects to fund enforcement actions across fiscal years. Being able to bank penalties will enable OCR “to maximize funding our auditing and breach analysis” activities, he added.
Writing is on the wall
Once again OCR has made it clear that they intend to enforce the HIPAA regulations. The days of lax enforcement are over. Organizations need to ensure they have made significant efforts to comply with HIPAA regulations including: