OCR Ends Year With Settlements That Tread Old Ground, Says New Rules Are Coming—Someday

Health Care Compliance Association (HCCA)
Contact

Health Care Compliance Association (HCCA)

Report on Patient Privacy 24, no. 1 (January, 2024)

If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too.

That’s because OCR’s two settlements announced in December for alleged HIPAA violations by an emergency medicine practice in Louisiana and a multispecialty group operating in parts of New Jersey and Connecticut demonstrate two common failings, both historic and more recent: lack of a security risk analysis and tardiness or nonresponsiveness to a patient’s request to access medical records.

But while these settlements might not have been surprising, another HHS announcement was: according to the most recent update of federal rules under development, OCR is planning to revise the security rule as part of an agency-wide effort.[1] In addition, officials described a new cybersecurity strategy for the health care sector.[2]

Along with its regulatory actions, OCR pledged to continue pursuing enforcement when there are alleged HIPAA violations. In 2023, the agency issued a total of 13 settlements—bracketed on both ends by exactly the type of cases with which it concluded the year.[3]

[View source.]

Written by:

Health Care Compliance Association (HCCA)
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Health Care Compliance Association (HCCA) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide