February 24, 2023

Believe it or not, the Office for Civil Rights kicked off NBA All-Star Weekend with their very own showcase of HIPAA enforcement’s latest and greatest. Last Friday the government released not one but two annual reports starring key HIPAA enforcement activities from 2021. While you probably won’t be seeing these reports featured on the next SportsCenter Top 10, the insights that they provide into recent healthcare data breaches and HIPAA noncompliance cases are certainly worthy of a highlight reel. So to give your practice some helpful pointers on where your compliance efforts should be focused, let’s break down the most important stats from each report:

OCR’s 2021 Report to Congress on HIPAA Privacy, Security and Breach Notification Rule Compliance

The biggest takeaway? Between 2017 and 2021, the OCR has seen a 39% increase in the number of HIPAA complaints received and, in turn, has initiated 44% more compliance reviews. Meaning that not only are your patients paying more attention to non-compliance, but the government is too.

OCR’s 2021 Report to Congress on Breaches of Unsecured Protected Health Information

Now, what does all this data really mean? OCR Director Melanie Fontes Rainer made the intentions of these reports clear in her statement, saying, “We will continue to provide guidance and technical assistance on compliance with the HIPAA Rules, as well as a vigorous enforcement program to address potential HIPAA violations.” Meaning that not only does each of those statistics provide eye-opening insight into what’s going on in the healthcare industry, but they help identify exactly what areas of compliance are too commonly overlooked. And when it comes to ensuring your practice has an all-star compliance line-up, here’s what the OCR identified as the top areas needing improvement:

So knowing what common compliance gaps exist and what a winning HIPAA program looks like, the ball is in your court.
You wouldn’t put a rookie up against LeBron, and the findings from these reports are perfect examples of why you can’t go head-to-head with an evolving healthcare industry without having both compliance AND cybersecurity on your team.