Beginning in 2016, the United States Department of Health and Human Services’ Office for Civil Rights (OCR) will conduct another round of audits to gauge compliance with privacy provisions in the Health Insurance Portability and Accountability Act (HIPAA). This announcement comes in the wake of criticism leveled against OCR for inconsistencies enforcing the HIPAA Rules.
In an executive summary entitled “OCR Should Strengthen its Oversight of Covered Entities’ Compliance with the HIPAA Privacy Standards,” the United States Department of Health and Human Services’ Office of the Inspector General (OIG) criticized OCR for its failure to implement the required audit program in order to proactively assess possible noncompliance from covered entities. In a second executive summary, “OCR Should Strengthen its Followup of Breaches of Patient Health Information Reported by Covered Entities,” OIG determined that OCR was failing to ensure covered entities who experienced large data breaches documented corrective action. The report found that OCR did not record small-breach information in its case tracking system. OIG recommended that OCR develop a policy to check whether covered entities had been previously investigated. OIG recommended that OCR continue to expand outreach and education efforts to covered entities. Continue Reading