OK, so why now?
The HHS Office for Civil Rights (OCR) reports that settlement payments last year were $25.6 million[1]. Subsequently, they are reporting there will be an increase in HIPAA compliance investigations. With resources from settlement fines, OCR believes the industry has had adequate time to develop complete data security policies and procedures. Unfortunately, healthcare organizations are still lagging. But take notice there will be a higher number of investigations by OCR in 2017. That’s more than enough to ruin a good day.
To make matters worse, OCR is not always consistent with its audit process. In some cases, inspections occur over years during which the rules can change. Covered Entities (CEs) and their Business Associates (BAs) must conduct Risk Assessments on a regular basis to ensure compliance. That said, there is no definition of what a ‘regular basis’ means, or what entails a ‘comprehensive Risk Assessment’. They’re not saying HOW to do it, just do it.
Not surprisingly, OCR’s perspective on compliance is “sometimes a matter of judgment on the language in pertinent regulations.[2] ” More funds collected fosters expectations that OCR may increase the number of audits with additional resources funded by received settlements.
[1] Goedert, Joseph. "Why OCR is aggressively enforcing HIPAA compliance." Health Data Management. Source Media, 1 Dec. 2016. Web. 16 Dec. 2016.
[2] Ibid.
« Healthcare: The 4th Industrial Revolution | Main | A New Year of Unprecedented Regulatory Uncertainty »
The comments to this entry are closed.
Search
Healthcare Blogroll
- Dr. Bobbs Blog
- e-CareManagement blog
Chronic Disease Management • Technology • Strategy • Issues and Trends - EMR and HIPAA
An open forum on topics covering EMR, EHR, HIPAA and Healthcare - Health Care Law Blog
Thoughts and comments on the health care industry, privacy, security, technology written by Bob Coffield. - Health Populi
Jane Sarasohn-Kahn is a health economist and management consultant that serves clients at the intersection of health and technology. - Healthcare Technology News
Health Wonk Review - Healthcare Technology News
Advancing Performance in Healthcare - HIT Sphere
- Internet Lawyer
Digital Business Law Group provides legal services covering areas such as copyright, trademark infringement, privacy issues, and more regarding use of the internet. - Patient Centric Healthcare
George Van Antwerp's thoughts about healthcare and related topics. - The Health Care Blog
THCB - Everything you wanted to know about the Health Care system ... but were afraid to ask. - The Healthcare IT Guy
- The Value of the Internet for Healthcare
An essay on the value of the Internet: Improving Healthcare for Older Adults - Yasnoff on eHealth
Commentary and Blog on eHealth by William A. Yasnoff, MD, PhD Managing Partner of NHII Advisors
Most Popular Posts
- Advantages of an EHR
- Bloomberg/Businessweek Webcast: Telemedicine Hot or Not?
- Criteria for EHR "meaningful use"
- EHR Adoption Under the ARRA HITECH Stimulus Act
- HITECH / HIPAA Compliance is a Wicked Problem
- HITECH Act: HIPAA Survival Guide
- Part 1: The Value of the Internet for Improving Health Care
- Part 2: Online Healthcare Information
- Part 3: The Internet and Access to Quality Healthcare Information
- Part 4: The Technology "e-bilities": Reliability, Secure-ability, Useability, Read-ability & Accessibility
Healthcare News & Links
- ACO Survival Guide Store
- HIPAA Training
- HITECH Act
- HIPAA Security Rule
- HIPAA Privacy Rule
- HIPAA Survival Guide (online)
Practical advice for health care practitioners in light of regulations for the HITECH Act and HIPAA. - HIPAA Requirements
- Links to sites of interest at the intersection of Healthcare & Technology
Comments