On March 27, 2017, Rachel Yount attended the Health Care Compliance Association’s Compliance Institute 2017, where Illiana Peters, a senior advisor at Health and Human Services, Office for Civil Rights (“OCR”), provided an “OCR Enforcement Update.”
Peters gave an overview of recent guidance issued by the OCR, including a guide to help cloud service providers understand their Health Insurance Portability and Accountability Act (HIPAA) obligations and a guide developed to help providers and business associates understand and better respond to the threat of ransomware. Providers should be on the lookout for a ton of upcoming guidance from OCR on such topics as text messaging, social media, and use of Certified Electronic Health Record Technology. The OCR will also update existing Frequently Asked Questions to account for Omnibus and other recent developments. Additionally, Peters addressed current trends in HIPAA enforcement, including lessons learned from settlement agreement cases and latest statistics on breaches reported to the OCR. As of February 28, 2017, 18% of HIPAA breaches reports are for breaches involving the use of laptops, 16% for breaches related to network servers, and 9% for breaches involving email.
Peters’s OCR update comes a week after President Trump appointed Roger Severino as the new Director of the OCR. Severino previously served as the Director of the DeVos Center for Religion and Civil Society in the Institute for Family, Community, and Opportunity at the Heritage Foundation, a conservative think tank.