Part II: Office for Civil Rights (OCR) Offers “Lessons Learned” Regarding HIPAA (Health Insurance Portability and Accountability Act) Compliance
Thursday, July 3, 2014
Emily Hord, Health Care Attorney, McBrayer Law Firm
Print Mail Download i

On Tuesday, some of the details of OCR’s recently released Breach and Compliance Reports were discussed. In addition to detailing facts and figures from cases involving breaches in 2011 and 2012, the Breach Report includes an important “Lessons Learned” section that all covered entities and their business associates should review. Based upon reported breaches, the OCR has outlined some specific areas of concern, which include the following:

Risk Analysis and Risk Management

Covered entities should ensure that their security risk analysis is thorough and pay special attention to ePHI on hard drives, digital copies, USB drives, and mobile phones, etc.

Security Evaluation

Covered entities should conduct a security evaluation, whenever there are operational changes, such as facility or office moves or renovations, that could affect the security of PHI.

Security and Control of Portable Electronic Devices

Covered entities should ensure that any PHI that is stored and transported on portable electronic devices is properly safeguarded, including encryption when appropriate.

Proper Disposal

For electronic devices and equipment that store PHI, covered entities should ensure that the device or equipment is purged or wiped thoroughly before recycling or discarding the device or equipment.

Physical Access Controls

Covered entities should ensure that physical safeguards are in place to limit access to facilities and workstations that maintain PHI.

Training

Covered entities should ensure that employees are trained and are aware of the sanctions and other consequences for failure to follow the organization’s policies and procedures.

In the Compliance Report, OCR outlines its plan for future improved enforcement. OCR expressly stated that it will “work smarter” to cope with the increasing volume of complaints and will pay special attention to “high impact cases.” Compliance Report p. 23. In 2011 and 2012, OCR doubled the number of cases ending in Resolution Agreements, settlement, and corrective action plans and OCR promises to “continue this uncompromising enforcement posture in the future.”

© 2024 by McBrayer, McGinnis, Leslie & Kirkland, PLLC. All rights reserved.

Current Legal Analysis

More from McBrayer, McGinnis, Leslie and Kirkland, PLLC

Businesses Receive Greater Clarity on Obligations under Federal Law
by: McBrayer, McGinnis, Leslie & Kirkland, PLLC
Public Improvement Liens on Government-Owned Projects
by: Brendan R. Yates
Providers Wary after First Ruling on CMS 60-Day Rule
by: Christopher J. Shaughnessy
Anheuser-Busch to sell distributorship in compliance with Kentucky law
by: McBrayer, McGinnis, Leslie & Kirkland, PLLC
Estate Planning for Same-Sex Couples After Obergefell
by: McBrayer, McGinnis, Leslie & Kirkland, PLLC
CMS Sends a Lifeline on Stark after Tuomey Affirmed: What Health Providers Should Know
by: Anne-Tyler Morgan
Disparate Impact Claims Fair Game under the Fair Housing Act
by: Preston Clark Worley
How Should Employers Provide Bathrooms for Transgender Employees? OSHA Has the Answer.
by: Amy D. Cubbage
Congratulations on the Birth of Your New Tax Exemption! (Tax Breaks for New Parents)
by: Matthew Koch
NLRB Protects a New Kind of Employee Activity: Worrying About Your Job
by: Luke A. Wingfield

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins