OIG targeting HIPAA enforcement in 2016: Is your practice ready?

Patrick Davey

By W. Patrick Davey, MD, MBA

Two recent reports issued by the Office of Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) conclude that the Office for Civil Rights (OCR) needs to improve and expand its health privacy and data breach enforcement efforts.

The OIG reports highlight weaknesses identified in OCR’s HIPAA oversight and enforcement activities and suggest that OCR’s current program is primarily reactive and does not proactively assess possible noncompliance with HIPAA.

The reports list the ways in which OCR plans to address the challenges identified, foreshadowing OCR enforcement priorities going forward.  Notably, the agency made clear that it plans to identify a pool of potential audit targets and fully launch a permanent audit program in early 2016.

Over the next few months, OCR will refine the audit protocols, cull a pool of potential audit subjects, and implement a screening tool to assess information about potential audit subjects.

The reports signal the importance for all dermatologists to maintain robust privacy and security programs. You can benchmark your preparedness and HIPAA compliance against the existing protocol and other guidance available on the OCR Health Information Privacy website.

The Academy also has resources to help your practice maintain HIPAA compliance. The AAD’s HIPAA Manual is designed to ensure your practice is compliant with the final HIPAA regulations. It’s available in print and as an e-book

AAD HIPAA resources: