The Office for Civil Rights (OCR) showed once again that is serious about enforcing the HIPAA security and privacy regulations. OCR invited the 50 state attorneys general (AG) to 2 day in-person meetings to prepare them to better enforce the HIPAA regulations. The HITECH Act gave state attorneys general the authority to bring civil actions for HIPAA violations.
An article over at Government Health IT states:
The training course will aid state attorneys general and their staff in investigating and seeking damages for violations of the Health Insurance Portability and Accountability Act (HIPAA) that affect residents of their states, said Sue McAndrew, OCR deputy director for health information privacy.
The article goes on to state what is becoming more and more clear; OCR wants to show that they are very serious about enforcing the HIPAA regulations. Between training the state AGs and handing out over $5 million in fines in the past two weeks there should be no doubt that expanding HIPAA enforcement is here and more is coming.
OCR wants to make its message clear that the agency that oversees health information privacy is serious about enforcement of HIPAA privacy and security rules. OCR has had enforcement over all aspects of HIPAA since 2009.
In 2011, OCR has imposed fines of more than $5 million and established agreements for corrective actions by three organizations.
Valerie Morgan-Alston, deputy director for enforcement and regional operations, a new OCR position, said to expect “big enforcement actions in the future.”