HIPAA fines at record levels
We are six months in and 2016 is already a record-breaking year for HIPAA enforcement actions from the Health and Human Services Department's Office for Civil Rights. According to a couple of recent articles published the OCR has levied almost $15 million in fines this year, compared to $6.2 million for all of last year. This coming from a recent article from FierceHealthIT.
The OCR said in one of the articles that it is focused on “ongoing threats to PHI, and where there are patterns of noncompliance that appear to be pervasive.” It also said to expect more enforcement actions through the end of the year.
In a statement provided to Information Security Media Group, an OCR spokesman says: "Since the enactment of the HITECH Act and the requirement for entities to report breaches to HHS, OCR has focused a greater number of enforcement resources on systemic compliance failures - for example, where compliance failures present ongoing threats to PHI, and where there are patterns of noncompliance that appear to be pervasive in the industry. OCR expects there to be more resolutions through the end of the fiscal and calendar year, given this continued focus."
We strongly suggest you read these two articles published in Healthcare Info Security and HealthITSecurity. These two articles give us good information on the issues, how OCR is viewing them, the reasons, the patterns and what is happening at the government level around audits, breach audits and enforcement.