Expect Stricter HIPAA Enforcement
The Department of Health and Human Services (HHS) announced that the Office for Civil Rights (OCR) will now be responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security rule in addition to the privacy rule. (The Centers for Medicare & Medicaid Services was previously responsible for the security rule). This consolidation of HIPAA enforcement activity highlights the Administration’s heightened scrutiny of security and privacy of health information. In fact, the American Recovery and Reinvestment Act of 2009 mandates enhanced patient privacy rights and physician practice requirements, increased financial penalties for violations of the privacy rule and the security rules and allocated additional resources for enforcement.
How will this affect you? Well if your group practice has not yet put in place a plan to implement the Red Flag rules, you will be at risk of a HIPPA violation once the enforcement begins.