Earlier this year, the Obama administration submitted its budget proposal for fiscal-year 2017. The OCR Budget in Brief details the increased budget–$1.15 trillion of which is allotted for the Department of Health and Human Services (HHS). $43 million of these funds will go to the Office for Civil Rights (OCR), and $82 million will go to the Office of National Coordination for Health IT (ONC).
With the new budget, HHS will be able to pursue its initiatives more efficiently. OCR plans to increase its team of on-staff auditors in preparation for the next round of HIPAA compliance audits. ONC aims to facilitate electronic transfer of protected health information (PHI). In a push to ensure patient privacy and security, the proposed budget prioritizes HIPAA compliance audits, which are enforced by OCR. The increased funding would also allow both OCR and ONC to modernize their security efforts by way of implementing more advanced healthcare IT infrastructure.
Congress rejected proposed funding for permanent HIPAA compliance audits in the fiscal-year 2016 budget. Still, OCR officials announced the start of its Phase 2 HIPAA audit program this March, before this year’s budget proposal increases had even been approved. The program was a result of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, which affects over 4,600 facilities and more than 11 million patients per year.
Because OCR is responsible for policy development and regulatory enforcement, they are providing outreach to inform covered entities about their rights and protections, as well as their obligations. Incoming audits are expected not only to enforce HIPAA compliance, but also to offer practical assistance and remediation plans to improve the integrity and security of PHI. As stated in the budget brief, they are a “proactive approach to evaluating and ensuring HIPAA privacy and security compliance.”
Organizations and covered entities beholden to HIPAA–as well as their business associates–will be thoroughly and periodically reviewed to assess compliance with HIPAA Privacy, Security, and Breach Notification Rules. Through this process, OCR resolves over 4,500 cases of discrimination annually, concerning issues such as race, nationality, sex, and disability. And in 2015, they addressed over 16,000 complaints of HIPAA violations. Healthcare organizations can review the protocol in anticipation of the expected audits.