Expect More HIPAA Audits and Stricter Enforcement in 2016

Look for the 2016 agenda for the Department of Health and Human Services’ Office for Civil Rights to accelerate its recent emphasis on enforcement of HIPAA.

Over a five-week period, the OCR announced plans to collect $5 million in monetary penalties in three enforcement actions against HIPAA covered entities. This increased emphasis on collecting fines and penalties is seen as a move to provide funds for the agency. These funds will be allocated to a program focused on auditing entity compliance with the HIPAA Privacy, Security and Breach Notification Rules, as well as other enforcement and regulatory activities.

In a recent OCR settlement, Triple S Management paid a $3.5 million fine and agreed to a corrective action plan over shortcomings in its Security Rule compliance program. The fine is the second-highest penalty collected. Five other settlement cases with OCR this year bring the total amount collected by the agency to more than $6 million.

These resolution agreements signal that the OCR is aggressively moving to reach settlements in cases resulting from what the agency deems serious violations of the Privacy and Security Rules. There are currently more than 6,000 HIPAA Privacy and Security Rule complaints and compliance reviews being investigated by the OCR. Expect the agency to announce more high-profile enforcement actions in 2016, and then use any financial penalties collected to continue to fuel beefed-up enforcement.

If you have any questions about HIPAA compliance, phishing, or breach prevention, contact ITPAC today.