The Department of Health and Human Services’ Office for Civil Rights reviews all reports of breaches of protected health information affecting more than 500 individuals, says David Holtzman, a health information privacy specialist at OCR.

At the Safeguarding Health Information conference in Washington, Holtzman outlined several issues that organizations that have experienced a large breach should be prepared to respond to. They include a determination of the root cause of the breach, identification of gaps in compliance with HIPAA privacy and security rules that led to the breach, and evidence that the root cause has been addressed to ensure further breaches do not occur.

OCR investigations into violations of the HIPAA privacy rule have brought corrective changes to more than 10,000 organizations, Holtzman says. In the past year, the office also became the enforcer of the HIPAA security rule and the breach notification rule.

Under the HITECH Act, penalties for privacy and security rule violations have been significantly enhanced particularly for incidents resulting from “willful neglect” to comply with the rules--up to $50,000 per violation with an annual cap of $1.5 million for all identical violations.

Asked if OCR would like to see the lack of password protection and encryption as presumptive evidence of willful neglect, Holtzman replied that the issue would be addressed in forthcoming rules. He declined to directly answer a question about whether OCR will randomly audit organizations for privacy and security rule compliance. He did say that the Department of Health and Human Services has been given the authority to conduct audits and is currently developing a plan to implement an audit program.

--Joseph Goedert

 

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access