Telehealth HIPAA Privacy and Security Audits in 2016 – Expect an Increase

Writing for healthcareinfosecurity.com, former Health and Human Services, Office of Civil Rights (OCR) attorney, David Holtzman predicts that in 2016, the OCR will aggressively increase their number of audits to enforce compliance among health care providers and their business associates, with the Health Insurance Portability and Accountability Act (HIPAA) patient privacy and security law.

As called for under the federal Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA-covered entities are required to report security breaches of consumers protected health information (PHI) to OCR.

OCR conducted a pilot audit program in 2012, and is currently preparing another round of audits with hopes of making the program permanent.

HITECH also gave OCR the ability to levy fines for non-compliance.

Holtzman expects the number of fines to grow as the audits increase.  “According to OCR’s website, there are more than 6,000 HIPAA privacy and security rule complaints and compliance reviews being investigated.  I expect OCR will turn to the proceeds from its recent enforcement actions to fuel a wider audit program.”

Although HITECH calls for a percentage of the fines collected by OCR to be distributed to consumers whose security was breached, Holtzman notes, “…don’t look for the agency to share the wealth with consumers any time soon.”

With continuing pressures on federal spending restricting the growth of agency budgets and resources to support OCR’s expansive mission, it seems unlikely that the office will aggressively pursue an initiative that would result in the sharing with consumers the proceeds from its monetary settlements from HIPAA enforcement actions.”

In 2015, the Protected Health Information of over 113million individuals was breached, as reported to the OCR.  Federal law requires that all health providers covered by HIPAA, and their business associates, report breaches of PHI affecting 500 or more individuals.

Click here for the Healthcareinfosecurity.com article on the HIPAA enforcement outlook. 

Click here for HIPAA News Releases & Bulletins from the OCR in the Department of Health and Human Services, the HIPAA enforcement agency.

Share

Leave a Reply