Recent OCR Settlements: What You Should Know

Recent OCR Settlements: What You Should Know

Posted by CJ Wolf
Jan 7, 2021 10:50:19 AM

By now it’s no secret that 2020 completely upended the way healthcare organizations managed compliance programs. We had to become adopters or new technology, create new policies for  the ongoing pandemic, train employees remotely, and generally figure out how to do more, with less.

If all that wasn’t enough, we had to keep up with a constant stream of new guidance from every department of government from the Centers for Medicare & Medicaid Services (CMS) to the Office of Civil Rights (OCR). Of note for us compliance professionals, the OCR provided guidance suggesting they will not use the full power of their enforcement capabilities to pursue HIPAA Violations. But don’t be so complacent as to think that means HIPAA compliance has been completely forgotten, nor that HIPAA violations are not being investigated or fined.

On the contrary, HIPAA enforcement is alive and well, and OCR is regularly auditing, investigating, and announcing enforcement actions around areas they have officially relaxed.

In fact, every month we see new headlines of recent HIPAA enforcements, and their resolution agreements. All one has to do is visit HHS’s site to really get a sense of their ongoing efforts. Whether they are investigating organizations that failed to conduct risk analysis, HIPAA breaches, or for what they deemed “systemic non-compliance”, 2020 was another busy year for HHS' Office for Civil Rights.

But with so many different (and new) responsibilities we were asked to juggle in the past year, maintaining a firm grasp on everything we’re accountable for was a stress unlike any previous year.

Which is why we’re going to take the time to highlight some of the biggest fines that were handed out to healthcare organizations last year. Because around here, we believe the best way to anticipate future enforcement is to use the past as our guiding light.

Join our free upcoming webinar, “The Hazards of Being HIPAA Complacent,” on January 20 at 1 PM ET where I will get together with Brian Burton, Healthicity’s Chief Compliance & Privacy Officer, to discuss:

  • What OCR’s “Right of Access” Initiative Means to Your Organization
  • Where Recent HIPAA Violations Could Have Been Avoided
  • How Your Compliance Program Can Prevent HIPAA Violations

Webinar Details Here >>

Questions or Comments?