The Department of Health and Human Services, HIPAA Privacy Rule’s enforcer, is hiring for two "Health Information Privacy Specialist" positions, HHS announced Thursday.
Does this mean stepped-up enforcement, as the new laws in the Health Information for Economic and Clinical Health (HITECH) Act suggest?
Probably not, one expert says.
According to the job description on www.usajobs.gov, the specialists, working out of the Office for Civil Rights (OCR), will be "responsible for reviewing, analyzing, implementing, promoting, or improving proposed or existing programs or policies needed to implement OCR's authority for ensuring compliance with the privacy of health information."
"I'm not sure the addition of these positions will actually strengthen OCR's enforcement activities," says Mary Brandt, MBA, RHIA, CHE, CHPS, president of Bellaire, TX-based Brandt & Associates, LLC. "In reviewing the job duties on the government's Web site, the focus of the new positions appears to be strictly in the policy arena."
OCR enforces the Privacy Rule and the confidentiality provisions of the Patient Safety and Quality Improvement Act through its Division of Health Information Privacy.
"We may see some additional clarifications or resources coming out of OCR when these positions are staffed, but they don't appear to be focused on complaint investigation or enforcement activities," Brandt says. "The job description notes that no travel is required, so these really look like desk jobs focused on policy analysis."
The Office of the National Coordinator for Health Information Technology issued a report May 18 that highlights how it will carry out HIPAA privacy and security regulations in the HITECH Act.
According to HHS, the federal government will spend about $24.3 million on privacy and security efforts, including:
- Audits
- Reports to Congress
- Training for state attorneys general
- Carrying out regulatory and enforcement requirements of HITECH
Nearly $10 million will do toward OCR and CMS audits. The former enforces the HIPAA Privacy Rule, the latter the HIPAA Security Rule.