April 19, 2024
Volume XIV, Number 110
Home
Legal Analysis. Expertly Written. Quickly Found.
Login

Trending News

Just in Time for the Phase II Audits: OIG Criticizes OCR’s Enforcement Efforts
Thursday, October 1, 2015
Just in Time for the Phase II Audits: OIG Criticizes OCR’s Enforcement Efforts HIPAA

Related Practices & Jurisdictions
Print Mail Download i

As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of the Office for Civil Rights’ (OCR) HIPAA enforcement performance, effectively giving OCR “something to prove.”

The report, released on September 28, 2015, examines whether OCR — the office within HHS charged with enforcing HIPAA — is sufficiently exercising its oversight responsibilities. The OIG specifically focused on whether OCR is sufficiently overseeing covered entities’ compliance with HIPAA’s Privacy Rule.  The OIG found a number of areas where OCR’s oversight is lacking.

To reach its conclusion, the OIG examined statistical samples of privacy cases investigated by OCR, as well as surveys of OCR staff and interviews with OCR officials. After examining this data, the OIG reached the following conclusions:

  • OCR’s oversight is primarily reactive, with OCR investigating possible noncompliance primarily in response to complaints.

  • OCR has not fully implemented the required audit program to proactively assess possible noncompliance from covered entities.

  • In 24 percent of cases where OCR requested corrective action, it subsequently failed to obtain complete documentation of corrective actions taken by the covered entities.

  • Some OCR staff rarely or never checked to see whether a covered entity had been previously investigated. The OIG found that the staff’s failure to check for previous investigations may be due to the limited functionality of its case tracking system.

The OIG’s report also sheds light on Privacy Rule compliance within the Medicare Part B provider community. According to the OIG’s findings, over a quarter of Part B providers did not address all of the applicable Privacy Rule standards, and may therefore be failing to adequately safeguard protected health information.  The OIG’s findings are summarized below:

OIG_findings HIPAA

Based on its findings, the OIG recommended that the OCR should:

  • Fully implement a permanent audit program;

  • Maintain complete documentation of corrective action;

  • Develop an efficient method in its case-tracking system to search for and track covered entities;

  • Develop a policy requiring OCR staff to check whether covered entities have been previously investigated; and

  • Continue to expand outreach and education efforts to covered entities.

OCR concurred with all five recommendations and described its activities to address them.

The OIG’s report comes amidst the impending start of OCR’s Phase II audit program. Whether the OIG’s report will impact how OCR conducts its Phase 2 audits, if at all, remains to be seen. However, it is not inconceivable that OCR could feel pressured to more aggressively investigate potential Privacy Rule noncompliance, and covered entities would be well-served to ensure that they are ready to respond to such audits.

©1994-2024 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Current Legal Analysis

More from Mintz

EPA Has Now Listed Two PFAS as Hazardous Substances Under CERCLA. Hold Onto Your Hats.
by: Jeffrey R. Porter
DOJ Releases COVID-19 Fraud Enforcement Task Force Report Touting Its Successes and Urging Lawmakers to Enact New Legislation
by: Jane Haviland , Abdie Santiago
SEC’s Enforcement Authority Over Crypto Asset Transactions Upheld (Again) in Case Against Coinbase
by: Cory S. Flashner , Steve Ganis
Canada’s 2024 Federal Budget: The Time Is Now ... to Lock in Lower Tax Rates
by: Katy Pitch
American Privacy Rights Act – Another Shot at a Comprehensive Federal Privacy Law
by: Cynthia J. Larose , Christopher J. Buontempo
Tony Bennett May Have Left His Heart in San Francisco but the City's Appeal of Its NPDES Permit is on its Way to the United States Supreme Court.
by: Jeffrey R. Porter
Navigating Health Tech: Regulations for AI/ML in Medical Devices and Software [Video]
by: Benjamin M. Zegarelli , Pat G. Ouellette
Supreme Court Narrows the Reach of Omission Liability Claims Under Section 10(b) of the Exchange Act
by: Douglas P. Baumstein , Jason C. Vigna
Office of the Level Playing Field
by: Jennifer B. Rubin
The Sun is About to Set on Temporary CCPA/CPRA Exemptions: Employers Get Ready
by: Cynthia J. Larose

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins

 

Logo-white

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521  Telephone  (708) 357-3317 or toll free (877) 357-3317.  If you would ike to contact us via email please click here.

Copyright ©2024 National Law Forum, LLC