New OCR Director Makes First Speech on OCR HIPAA Enforcement
New OCR Director, Jocelyn Samuels, has chosen National Health IT Week to make her first major speech as head of the government’s HIPAA enforcement team.
Samuels took over from Director Leon Rodriguez earlier this year at a time when the second round of compliance audits were in the process of being finalized. The audits are scheduled to take place this fall and the healthcare industry is keen to discover the new director’s plans for enforcing HIPPA.
Samuels has a wealth of experience in federal law enforcement having previously served as acting assistant attorney general for civil rights at the U.S. Department of Justice where she was tasked with enforcing the government’s regulations on discrimination. She also served as senior policy attorney at the Equal Employment Opportunity Commission, although she has not previously worked in the healthcare sector.
In her 10-minute speech at the ONC’s 2014 Consumer Health Summit in Washington, Samuels announced that the OCR will be enforcing privacy provisions to ensure patients are given access to their health records. She believes it to be critical that patients are allowed access to their health records. Access rights one of the main elements of the HIPAA Privacy Rule and this could be an indication that this will be specifically assessed during the next round of audits.
Samuels also announced that from October 6, patients will be allowed to access their test results directly from laboratories as well copies of their electronic health records from their healthcare providers. One of the OCR’s short term aims will be to educate consumers about their rights under HIPAA.
Samuels pointed out the OCR has taken its enforcement role seriously in recent months and has already issued three substantial HIPAA penalties to organizations found to have breached HIPAA regulations. A $4.8 million settlement was reached with New York Presbyterian Hospital and Columbia University for a data breach affecting 6,800 patients, while two smaller – but still significant – penalties were issued to Affinity Health Plan and Parkview Health System for $1.2 million and $800,000 respectively.
Samuels confirmed that the OCR will be holding healthcare providers, health plans and business associates accountable for HIPAA violations and financial penalties will be issued; although she declined to comment on future plans of the OCR regarding its program of HIPAA compliance audits. An announcement on the coming audit program is expected to be issued soon, along with information about the financial penalties that it plans to issue for non-compliance.