Health Law Highlights

How HHS OCR Is Boosting HIPAA Enforcement; Here Come Audits

Summary of article from BankInfo Security, by Marianne Kolbasuk McGee:

The Department of Health and Human Services (HHS) is working on a proposed update to the HIPAA Security Rule and intensifying enforcement efforts, including resuming HITECH Act HIPAA audits. The focus is on the requirement for risk analysis, a significant weakness among regulated organizations, contributing to many breaches. HHS plans to update the HIPAA Security Rule by the end of the year to reflect technological and healthcare delivery changes over the last two decades. Despite its scalability and technology-neutral nature, the rule’s 20-year-old framework doesn’t reflect current healthcare practices, necessitating the integration of practices like end-to-end encryption. Additionally, the HHS has reopened HITECH audits and is proactively conducting them.