OCR Lacks Insight Into HIPAA Security Rule Compliance

Bloomberg BNA's Health IT Law & Industry Report

Alaap Shah and Ali Lakhani, Associates in the Health Care and Life Sciences practice, in the Washington, DC, office, co-wrote an article titled "OCR Lacks Insight Into HIPAA Security Rule Compliance."

Following is an excerpt:

As health care rapidly digitizes through adoption of electronic health records, mobile applications and the like, the risk of data breach is rising exponentially.

To effectively manage this risk, health care companies and their business associates must be vigilant by implementing and evaluating security controls in the form of administrative, physical and technical safeguards. Health care companies also have resources to assist them with managing risk.

Specifically, the federal agency for oversight of the Health Insurance Portability and Accountability Act (HIPAA)—the Department of Health and Human Services Office for Civil Rights (OCR)—is tasked with providing technical assistance to guide companies to achieve compliance with HIPAA security rules. Further, when companies fail to comply, OCR has stated that it takes its enforcement authority seriously and will work to obtain compliance where necessary.