Office for Civil Rights (OCR) Director Roger Severino made major suggestions into upcoming 2017 HIPAA enforcement in his opening talk at Health Datapalooza 2017.
Severino is the newly appointed Director of the Department of Health and Human Services’ (HHS) OCR. He said that OCR is “mindful of the regulatory side of things,” and spoke about enforcement of the HIPAA Privacy and Security Rules in the changing face of medical technology and health care IT.
OCR will “adapt to changing circumstances” of data security and interoperability through 2017 HIPAA enforcement in the months and years ahead. Data security was the biggest part of Severino’s talk, especially the security of protected health information (PHI) of patients. Addressing security is only one part of HIPAA regulation, which also sets robust standards for the privacy and integrity of health care data.
Director Severino echoes the same sentiments as HHS Secretary Tom Price, who focused specifically on health care IT and data usage in his talk earlier this session.
Upcoming 2017 HIPAA Enforcement
Severino suggested that OCR 2017 enforcement of HITECH and the HIPAA rules will be expanding to into ransomware, interoperability, and medical apps. He mentioned the growing severity of ransomware incidents over the past year, in addition to the recent $2.5 million fine that OCR levied against medical device company, CardioNet.
Mobile apps are going to be intensely scrutinized by OCR in the years ahead. Severino specifically went out of his way to cite concerns about how mobile apps need to work within the HIPAA rules. The goal here is increasing interoperability of health care data and working with patients to better their quality of care.
Effective interoperability for health care providers is a balancing act or data security. Severino spoke about the importance of trust between patients and their providers. Health care data breaches lead to financial risk and a serious lack of trust between patients and physicians. “If health care information is not protected, the relationship [between patient and provider] breaks down.”
Data breaches are one of the most intense risk areas for physicians in today’s health care market–and implementing effective HIPAA privacy and security mechanisms is one of the best ways to avoid that harm.