The scope of the OCR is starting to get even more focused. Now they are looking for security breaches of 500 records or fewer. It’s time to stop, reset, get your race car ready, and focus on your HIPAA security plan. I’ll take the mighty Audi RS4 to the finish line! What will you drive? And who will be your co-pilot?
The Department for Health and Human Services’ Office for Civil Rights announced it will begin to increase the number of investigations into smaller HIPAA privacy breaches, Rachel Irving Pitts of The National Law Review reports.
The new initiative will look into more breaches affecting fewer than 500 individuals, with the OCR looking at factors including the improper disposal of PHI, IT systems hit by hackers, and failures to correct systemic problems as reasons to conduct investigations. “Regional offices will still retain discretion to prioritize which smaller breaches to investigate, but each office will increase its efforts to identify and obtain corrective action to address entity and systemic noncompliance related to these breaches,” the OCR writes.