Healthcare providers, healthcare clearinghouses, health plans, and business associates of those organizations must comply with HIPAA. But which federal department enforces HIPAA and takes action against organizations that fail to comply with the HIPAA Rules?
Which Federal Department Enforces HIPAA?
HIPAA is enforced by the Department of Health and Human Services' Office for Civil Rights (OCR). Since the introduction of the HIPAA Enforcement Rule in March 2006, OCR has had the authority to investigate complaints about HIPAA violations. OCR was also given the power to issue civil monetary fines if HIPAA-covered entities were found to have violated the HIPAA Rules.
Although OCR has had the authority to issue monetary fines, it is comparatively unusual for HIPAA violations to lead to monetary fines. In the years since the Enforcement Rule was passed, OCR has gradually stepped up enforcement of the HIPAA Rules, although it is only in the past 4 years that monetary fines for HIPAA violations have become more common.
Since the passing of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, OCR has been required to publish details of data breaches. The breach listing, commonly referred to as OCR's 'Wall of Shame', records a constant increase in healthcare data breaches year on year.
As the number of data breaches and reports of HIPAA violations increased, OCR came under growing pressure to enforce the HIPAA Rules more forcefully. The first phase of HIPAA compliance audits in 2011/2011 also revealed extensive noncompliance with the HIPAA Security, Privacy, and Breach Notification Rules.
The previous 3 years have seen record numbers of HIPAA settlements reached with covered entities for failure to comply with the HIPAA Rules. In 2016, there were 12 settlements reached with covered entities and 1 civil monetary fine issued.
Issuing monetary fines is just a small part of OCR's role in enforcing HIPAA. OCR often resolves HIPAA violations by providing technical assistance to covered entities to help them address specific aspects of the HIPAA Rules. OCR also frequently issues rules to clarify how HIPAA applies to specific situations and new technologies.
State Attorneys General Also Help with HIPAA Enforcement
The HITECH Act gave state attorneys general the authority to help OCR with HIPAA enforcement and to take action against HIPAA-covered entities, as well as their business associates, that violated the privacy of residents of their respective states.
Only a few monetary fines have been announced by state attorneys general for HIPAA violations since 2009, with most states choosing not to use their HIPAA enforcement powers. In several cases where the HIPAA Rules were found to have been violated, state attorneys general have preferred to act on violations of state laws instead of HIPAA. To date, HIPAA fines have only been issued by state attorneys general in Minnesota, New York, Massachusetts, Connecticut, and Vermont.