Tom Price was hired as secretary of the Division of HHS on February 10, 2017, substituting Sylvia Matthews Burwell. The change in management might see the main change in emphasis at the HHS, which might expand to the HIPAA implementation actions of the OCR.
The selection of a new executive for the OCR might not be on top of Price’s to do list, even though the new HHS secretary is supposed to hire a new OCR executive quickly. Price’s management and selection of OCR executive might have a main effect on the way OCR implements HIPAA Laws and how severe those implementation actions are.
Since accepting up the post of OCR Executive in July 2014, Jocelyn Samuels supervised a big increase in HIPAA implementation activity. The previous year, Jocelyn Samuels declared 12 agreements (as well as one CMP) with protected units who were found to have disobeyed HIPAA Laws during inquiries into data breaches – a record year of implementation for OCR.
Jocelyn Samuels also supervised the second stage of the much-postponed second phase of HIPAA conformity checks. The previous year, the checks finally started with roughly 200 protected units as well as HIPAA business associates caused to undergo a HIPAA conformity desk audit. Complete conformity checks have been planned for early 2017 as a part of the second stage. Samuels was eager to raise fiscal penalties for HIPAA breaches and make sure non-compliance was known and rectified, however, the management changes put future HIPAA implementation in suspicion.
Nevertheless, given the number of data breaches faced by the healthcare trade in the previous 12 months, it appears doubtful that OCR implementation efforts will be reduced.
“Since 2016 has seen a growth in the number of breaches to patient files, we suppose privacy protection and healthcare cybersecurity will be a central attention of the next management. We expect to see a much-required attention on keeping patient files safeguarded and out of the reach of criminals and malevolent insiders,” says ICIT Fellow and Chief Executive Officer of Protenus, Robert Lord.
Could HIPAA Laws be Modified by Price?
HIPAA Laws are seen by several doctors to be excessively restricting. Tom Price is a doctor, and intrinsically, he will be very conscious of the load on physicians to abide by HIPAA rules. Although it’s unclear where Price stands on the Security, Privacy, and Breach Notice Laws, he has earlier supported the simplification of Meaningful Use loads by prolonging the timeline for conformity with the financial inducement plan. How his previous role as a doctor will influence his conclusions as HHS secretary is yet to be seen.
Certainly, a revision to the HIPAA Safety Law is expected, even though President Trump has made it pretty clear that his management is not in favor of the undue rule. For each new rule released by an agency, two rules should be removed. The rise in healthcare cybersecurity breaches might demand an update to the Safety Law and added rule, however, for the predictable future, added HIPAA rules are perhaps unexpected.
Any relaxation of HIPAA Laws is likely to have an adverse result on data safety. As several healthcare companies concentrate their cybersecurity plans toward accomplishing conformity with HIPAA, any lessening of HIPAA controls might see cybersecurity attempts decreased. If protected units are needed to perform less to keep files safe, this would likely result in a surge in healthcare data breaches. HIPAA Laws might, therefore, remain same for the predictable future.