In early 2018, the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) cycled through multiple health privacy enforcement heads over a 4-month span. Despite this turnover, OCR tallied $28.7 million from its completed HIPAA enforcement actions in 2018 -an all-time record that easily surpassed the prior record of $23.5 million from 2016.

US HHS OCR set a record in dollar amount from enforcement actions in 2018

Everyone is fair game

And it’s not like OCR only targeted big fish, either. While Anthem ($16 million, record-setting settlement) is certainly was a big fish, OCR settled with Filefax, Inc., a bankrupt shredding company, for $100,000 and Allergy Associates of Hartford, a 3-physician practice, for $125,000.

While OCR successfully imposed enforcement action on 10 organizations, that does not account for the number of organizations that were investigated. Remember, even small practices and defunct business associates are fair game for OCR enforcement as we learned from 2018. Because of the potential for hefty penalties, an OCR investigation is one headache you would like to avoid, if possible.

Maintain a healthy compliance program

How can you stay out of OCR’s metaphorical jail cell (or even a literal jail cell)? A healthy, robust compliance program is the key. At Eagle Consulting Partners, we offer a wide variety of HIPAA compliance and risk management services, such as HIPAA Risk Assessments (or Risk Analyses), Risk Management retainers, and custom HIPAA policies and procedures. Click here to contact us!

REFERENCES:

• FierceHealthcare: OCR appoints Timothy Noonan as acting deputy director after losing its second health privacy lead in 4 months
• U.S. Department of Health and Human Services Office of Civil Rights: OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement
• U.S. Department of Health and Human Services Office of Civil Rights: Consequences for HIPAA violations don’t stop when a business closes