Wave of HIPAA Complaints Leads to OCR Restructuring

 

 

Last week, HHS released an announcement detailing new divisions within the Office for Civil Rights (OCR), which is being restructured in response to the recent increase in HIPAA compliance and enforcement needs. The restructuring includes the formation of a new Enforcement Division, Policy Division, and Strategic Planning Division.

 

Why the Change?

The OCR has been overloaded with cases regarding the privacy of patient information, “increasing to over 51,000 complaints in 2022,” following a record year of 34,000 complaints in 2021. OCR Director Melanie Fontes Rainer said, “Today’s reorganization improves OCR’s ability to effectively respond to complaints, puts OCR in line with its peers’ structure and moves OCR into the future.”

Reported data breaches in which the protected health information (PHI) of 500 or more individuals was compromised increased from 663 cases in 2020 to 714 cases in 2021. 80% of these breaches were due to hackers getting access to data. Because of these trends, the OCR’s Health Information Privacy Division (HIP) is being renamed the Health Information Privacy, Data, and Cybersecurity Division (HIPDC).

 

What This Means

Changes to divisions within the OCR should allow for “greater implementation and enforcement of the law.” They will create opportunities for teams to be built around more focused skill sets. Additionally, the Strategic Planning Division will “expand data analytics and coordinate data collection across HHS leadership.”

It’s important for you to know that the OCR’s HIPAA compliance enforcement efforts are increasing, not slowing down. Our goal is to help you avoid the costly effects of a data breach by ensuring you’ve taken the best measures to protect your patients’ data. We’re here to bring clarity and confidence to your compliance journey, so that you can focus on providing the best patient care.

 

How Medcurity Can Help

How can you keep from joining the latest list of organizations that have had sensitive data stolen or compromised? The first critical step in this journey is to conduct a complete Security Risk Assessment, recording in detail where all PHI is being stored and what threats and protections surround it. At Medcurity, we’ve created a platform to help you simplify the risk assessment and get the most out of the information you collect. Our easy-to-use toolkit contains everything you need, with built-in guidance and term definitions throughout.

As soon as the assessment is completed, Medcurity automatically generates a complete prioritized task list for improving compliance. This means that the assessment provides real, actionable value to your organization, and you receive clear next steps for how to better protect yourself and your patients from data theft.

Our SRA platform always reflects current HIPAA requirements, so that you don’t have to worry about missing a piece. Contact our team to get a demo of the platform today!

 

If you have any questions about new changes from the OCR or what is or is not required by HIPAA, reach out to your team at Medcurity.