OCR Building HIPAA Audit Plan With Outside Help
When asked if it will audit entities who report breaches of unsecured protected health information (PHI) affecting 500 or more individuals, OCR tells HealthLeaders Media it has not "determined how the HITECH audit requirement will be implemented."
HITECH requires OCR to post on its website those entities who report the 500-or-more patient information breaches.
As for breaches below the 500 mark, OCR says it does not intend to publish breach information on those report.
"However," OCR says, "summary data will be included in OCR's annual report to Congress about breaches."
Though no enforcement plans have been announced regarding HITECH provisions, OCR says it is serious about it. OCR gained 36 FTEs dedicated to HIPAA privacy and security rule compliance and enforcement this fiscal year and is now up to 132.
OCR has obtained corrective action—meaning entities taking significant and important actions to change practices to come into compliance with the privacy rule—in more than 14,900 cases since 2003.
"They're focused clearly on compliance," McMillan says.
The CEO praised OCR for reaching out to the industry–and general public–regarding its "Request for Information for Accounting of Disclosures Rulemaking."
In that May 3 Federal Register posting, OCR asks providers and the public several questions to help it produced a proposed rule on accounting of disclosures on EHRs; that HITECH provision is due out in June and gives patients greater rights to disclosures on their EHRs.
"They're engaged," McMillan says. "They're not afraid to talk about this. I think they're doing a lot more that most folks aren't seeing yet."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- How Top-Ranked MA Plans Earn Their Stars
- Readmissions: No Quick Fix to Costly Hospital Challenge
- How Hospitals Can Become 'Upstreamists'
- 4 Ways to Lower the Cost to Collect from Self-Pay Patients
- House Calls Key to Pioneer ACO Success
- How Telehealth Pays Off for Providers, Patients
- 4 Tips for Managing Employed Physicians
- WellPoint Dominates Nearly Half of Markets, AMA Says
- Defensive Medicine Still Prevalent Despite Tort Reform
- CMS Offers Some ACOs $114M for 'Upfront' Costs