OCR stepping up HIPAA privacy, security enforcement

The HITECH provisions of the American Recovery and Reinvestment Act gave the HHS Office for Civil Rights new and stronger powers to enforce HIPAA privacy regulations and shifted HIPAA security enforcement to OCR from CMS. The office intends to take full advantage of its widened authority, which includes the ability to impose civil fines of as much as $1.5 million per violation.

"OCR has significantly strengthened tools with which to obtain compliance," Marilou King, acting senior advisor for privacy compliance and enforcement in HHS's Office of General Counsel Civil Rights Division, said at a conference last week, reports Government Health IT. "And the goal of the enforcement program will be to obtain compliance from covered entities and from new regulated entities as HITECH has authorized," King added.

The goal is to "infuse consumer confidence to put their information into electronic health records and to advance sharing this information in order to improve the quality of healthcare and the efficiency that the industry needs," explained Susan McAndrew, deputy director for privacy at OCR. Otherwise, talk of privacy would just be an empty promise.

Another OCR official said the office has received more privacy and security complaints this year than it had at this point in 2009. Most complaints do lead to an investigation, and nearly three-fourths of complaints investigated do lead to some change on the part of the provider or health plan, OCR health information privacy specialist David Holtzman said.
