Dive Brief:
- In light of recent health data breaches, the federal government has promised to crack down on hospitals, doctors' offices and insurers for not adequately protecting patient information.
- But despite the large number of patients who are being affected by data breaches, the responsible organizations are seldom being penalized, according to ProPublica.
- Since late 2009, more than 1,100 large-scale data breaches affecting more than 41 million Americans have been reported to the Office for Civil Rights. Only seven of those breaches resulted in fines.
Dive Insight:
Beginning this year, the OCR is required to perform periodic HIPAA privacy and security compliance audits. Phase 1 audits, which focused solely on covered entities, were completed in 2011 and 2012. Phase 2 audits, which will include both covered entities and business associates (e.g., medical billing companies, software vendors), are scheduled to begin at any time and be completed by June of 2015. "We've come a long way since HIPAA first came out," Angela Rose, director of health information management practice excellence at the American Health Information Management Association, told ProPublica. "In the coming years, it will get better. It will get more strict."