On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI.
Normally I do not like to comment on cases that are not final or court opinions that do not have a definitive outcome on a case. But this is an exception because of the topic, which is HIPPA and privacy, which can get overlooked too frequently.
Under HIPAA rules, covered entities are required to report breaches of unsecured protected health information (PHI) to the Secretary of the Office of Civil Rights (OCR). The deadline for reporting breaches of PHI discovered during 2014 that affected fewer than 500 individuals is March 1, 2015.
As she had done in 2014, Marla Durben Hirsch interviewed my partner Elizabeth Litten and me for her annual Medical Practice Compliance Alert article on compliance trends for the New Year.
As we reported, state Attorneys General have authority to enforce the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), pursuant to the authority granted under the Health Information Technology for Clinical and Economic Health (HITECH) Act.