There’s a New HIPAA Sheriff in Town


On OCR Director Jocelyn Samuels


[By D. Kellus Pruitt DDS]

When the explosion of breaches of patients’ medical identities occurs – as predicted by the FBI and others – will the new OCR Director Jocelyn Samuels continue to be as sympathetic and forgiving as Leon Rodriguez has been?

Or will she take on the role of bad cop?

 

The Replacement

Samuels, who is tying up loose ends in her current position with the civil rights division at the Department of Justice, has replaced Rodriguez as the new head of the HHS’ Office for Civil Rights – which prosecutes HIPAA violations. Many are wondering about her level of enthusiasm for enforcement, especially since data breaches are only getting worse, not better.

Privacy and security attorney Adam Greene, who once served as a member of the OCR staff, tells GovInfo that the challenge for Samuels is “to strike the balance where HIPAA is seen as having ‘teeth’ but covered entities and business associates can still count on OCR as being reasonable when there are areas of ambiguity or privacy or security issues occur despite good efforts at compliance.”

(See: “Impact of New HIPAA Enforcement Leader – Are New Strategies, Directions on the Horizon?” by Marianne Kolbasuk McGee for GovInfoSecurity.com, July 11, 2014).

http://www.govinfosecurity.com/impact-new-hipaa-enforcement-leader-a-7049/op-1

Healthcare Harm

Principals in healthcare – providers and patients – continue to be harmed by EHRs designed to satisfy third-parties’ questionable Meaningful Use requirements rather than principals’ needs. For example, on April 8, the FBI warned that EHRs are becoming increasingly vulnerable to hackers. (See: “Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain”).

http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf

Under Rodriguez, OCR has arguably spared the rod (mostly), choosing instead to discuss and correct HIPAA violations in an informal, private, non-punitive manner. I think both Rodriguez and Secretary Sebelius backed off of more aggressive enforcement because they recognized that without cooperation from doctors and patients, EHRs are certain to fail – mandate or no mandate. Nevertheless, it has proven to be far too easy for stakeholders who cannot be held accountable to patients to marginalize patients’ needs.


[New OCR Director Jocelyn Samuels]

Example

Rodriguez did his best to appease all sides. For example, it was under his watch that the name of the HHS website listing breaches of 500 or more patients’ identities was changed from “Wall of Shame” to the more benign “HHS Breach Reporting Tool.”

For hapless providers whose data breaches were unavoidable, the name change eliminates some of the shame associated with being nationally recognized as a careless doctor who cannot keep thieves from stealing patients’ identities.

Assessment 

As long as there is nothing holding down the cost and liability of HIPAA compliance, there will always be room for more regulation, and healthcare will never get cheaper.
