OCR Building HIPAA Audit Plan With Outside Help
When asked if it will audit entities who report breaches of unsecured protected health information (PHI) affecting 500 or more individuals, OCR tells HealthLeaders Media it has not "determined how the HITECH audit requirement will be implemented."
HITECH requires OCR to post on its website those entities who report the 500-or-more patient information breaches.
As for breaches below the 500 mark, OCR says it does not intend to publish breach information on those report.
"However," OCR says, "summary data will be included in OCR's annual report to Congress about breaches."
Though no enforcement plans have been announced regarding HITECH provisions, OCR says it is serious about it. OCR gained 36 FTEs dedicated to HIPAA privacy and security rule compliance and enforcement this fiscal year and is now up to 132.
OCR has obtained corrective action—meaning entities taking significant and important actions to change practices to come into compliance with the privacy rule—in more than 14,900 cases since 2003.
"They're focused clearly on compliance," McMillan says.
The CEO praised OCR for reaching out to the industry–and general public–regarding its "Request for Information for Accounting of Disclosures Rulemaking."
In that May 3 Federal Register posting, OCR asks providers and the public several questions to help it produced a proposed rule on accounting of disclosures on EHRs; that HITECH provision is due out in June and gives patients greater rights to disclosures on their EHRs.
"They're engaged," McMillan says. "They're not afraid to talk about this. I think they're doing a lot more that most folks aren't seeing yet."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Senators Hear How Two-Midnight Rule Harms Patients, Hospitals
- 3 Management Lessons from a Supermarket Debacle
- Medicare Advantage Carriers See 'No Choice' But to Accept Cuts
- Physicians to Appeal 'Docs v. Glocks' Ruling in FL
- IOM Identifies GME Problems, Calls for Finance Changes
- Revenue Cycles Get a Boost from Simple JPEG Files
- CA Fines 8 Hospitals for Medical Errors
- Healthcare Costs Start With What We Eat
- Centralizing the Revenue Cycle Protects the Bottom Line
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability