HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA Print
Written by MWE.com   
Thursday, 12 November 2015 00:00

On September 29, 2015, the U.S. Department of Health & Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and enforcement of security breach reporting requirements. OIG commissioned both studies out of concern for the increased risk of an invasion of privacy and exposure to fraud, identity theft, and other harm that patients face in an ever-expanding digital health environment.

In its response to OIG, OCR generally concurred with the OIG's recommended improvements to its HIPAA investigation and enforcement practices and stated that OCR will launch its delayed its phase 2 audits (Phase 2 Audits) of compliance with the HIPAA Privacy, Security and Breach Notification Standards in early 2016. The anticipated launch of the Phase 2 Audits, as well as OCR's public statements that it intends to step up its enforcement activities, should be an impetus for covered entities and business associates to assess their privacy, security and breach notification practices for compliance with the HIPAA standards and to mitigate the risks, threats and vulnerabilities to protected health information (PHI) that lead to breaches. OCR's responses to the studies are consistent with its prior statements over the past couple of years that enforcement is a high priority.
 
Last Updated on Friday, 13 November 2015 16:36