HIPAA fines at record levels, but experts say don't panic about audits


Six months in, 2016 already is a record-breaking year for HIPAA enforcement actions from the Health and Human Services Department's Office for Civil Rights, reports HealthcareInfoSecurity.com.

The recent $2.75 million penalty against the University of Mississippi Medical Center was the ninth enforcement action this year. OCR has levied almost $15 million in fines this year, compared to $6.2 million for all of last year.

The OCR said in the article that it is focused on “ongoing threats to PHI, and where there are patterns of noncompliance that appear to be pervasive.” It also said to expect more enforcement actions through the end of the year.

The record number of records breached in 2015 surely will lead to more enforcement actions, according to Dan Berger, CEO of security consulting firm Redspin, as well as increased pressure from Congress and the HHS Office of the Inspector General for the industry to crack down on this problem.

At the same time, the second round of HIPAA audits shouldn’t be reason to panic, Jennifer Rathburn, co-chair of the Data Privacy & Security Team at Quarles and Brady told HealthITSecurity

Those desk audits are expected to focus on how well organizations adhere to the HIPAA Privacy, Security, and Breach Notification Rules.

“The good news is they’re not nearly as invasive as phase one, not at all,” Mike Overly, an information security lawyer with Foley & Lardner, said in the article.

To learn more:
- read the HealthcareInfoSecurity.com story
- check out the Health IT Security article