OCR: The HIPAA enforcer?
HIM-HIPAA Insider, August 10, 2009
You know the "what" when it comes to HIPAA privacy and security enforcement: New federal laws this year include larger monetary fines, periodic audits, civil-suit authority to state attorneys general, and new HIPAA Security Rule compliance to business associates (BAs) of covered entities.
You now know the "who": The Office for Civil Rights (OCR), long the HIPAA Privacy Rule warden, inherits the security rule per a July 27 announcement by HHS Secretary Kathleen Sebelius.
But for covered entities, "when" and "how much" remain the bigger questions. When will this stepped-up enforcement arrive? And how regular will it be?
"I think the initial intent is to combine privacy and security investigations, audits, etc., in one division given [that] many security violations/breaches lead to privacy breaches," says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR. "It's logical that there be one enforcement shop for privacy and security. As far as what it means on the auditing side, that's likely not something we will know until next year."
Get more analysis on our HIPAA Update blog.
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
HIPAA Accounting of Disclosures Rule
During this 90-minute audio conference, our speakers will help you understand what is included in the proposed rule, what is...
-
The HIPAA Omnibus Rule
Understand the HIPAA Omnibus Rule and what you must do to ensure compliance
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Note from Hugh
- Note from the instructor: CMS clarifies payment amount to be applied to payment caps and manual review thresholds for outpatient therapy services provided by critical access hosptials
- Steps to comply with HIPAA 2.0: Revise your policies and procedures
- Recent Recovery Auditor activity
- The week in Medicare updates
- Steps to comply with HIPAA 2.0: Revise your policies and procedures
- Citing HIPAA, CVS to end prescription reminders via mail
- ACDIS/AHIMA brief provides guidance on query best practices
- Change your EMR to prepare for ICD-10
- 2014 Hospice Proposed Rule Released
- E-mailed
-
- Note from the instructor: CMS clarifies payment amount to be applied to payment caps and manual review thresholds for outpatient therapy services provided by critical access hosptials
- Q&A: Focused professional practice evaluation (FPPE)
- Change your EMR to prepare for ICD-10
- 2014 Hospice Proposed Rule Released
- Solidify processes to avoid HAC penalties
- Steps to comply with HIPAA 2.0: Revise your policies and procedures
- Citing HIPAA, CVS to end prescription reminders via mail
- 2014 IPPS Proposed Rule: CMS focuses on quality measures, inpatient status
- HCA initiative boosts flu shots among hospital workers
- Managing the precertification process
- Searched