Home Care Law Blog Gilliland & Markette LLP

3905 Vincennes Road
Suite 204
Indianapolis, IN 46268
Phone: (317) 704-2400
Fax: (317) 704-2410

OCR unveils new HIPAA Enforcement website

Posted by: Robert Markette
April 24, 2007
Topic: HIPAA - Privacy

Yesterday the Office of Civil Rights (OCR) announced a new HIPAA Enforcement website. Click here to view site    This website contains information detailing OCR’s enforcement efforts from April 2003 up to March 31, 2007.  The website provides information on how OCR investigates Privacy complaints and what responses they obtain.  The website mentions that OCR primarily resolves complaints through the voluntary compliance of the covered entity, corrective action, or a resolution agreement.  The website does state that if the covered entity is unwilling to cooperate, OCR will impose Civil Monetary Penalties (CMP) on the agency.  
Another part of the site provides statistics on OCR’s enforcement actions over the last four years.  Interestingly, there is no mention of assessing CMPs against any covered entities.  This is not surprising, because there have not been any reports of entities being fined for non-compliance.  However, the fact that OCR mentions it on the website could mean that they are preparing to ratchet up enforcement.  

The actual numbers they provide are familiar as well.  Since April 2003, OCR reports receiving 26,408 complaints.  Of those, 20,477 have been resolved.  The 20,477 resolved complaints included 6,602 complaints worth investigating.  (That means only 32% of the complaints were even worthy of investigating.)  Of the 6,602 complaints investigated, corrective action was obtained in 4,447 cases.  (That means 22% of complaints filed resulted in covered entity taking corrective action.)

OCR touts their efforts to impose change on providers, which appears to be the case. (Although if your choice is to make some simple changes or pay a heft CMP, you would be foolish not simply go along with them.)  But as I have said before, the bigger picture here is that the vast majority of the complaints they receive are not worthy of even investigating further.  I think this provides some indication of the efforts by providers to follow the Privacy Rule.  It also should reassure providers that even if you make a mistake and a complaint is filed, you will have an opportunity to fix the mistake before you are penalized.

The website does mention that OCR has referred 348 cases to DOJ for criminal prosecution.  This should result in some additional insight into DOJ’s position on criminal prosecutions under HIPAA.  There have not been many and a few years ago, DOJ indicated it would not be prosecuting cases under HIPAA.   

The website also contains case examples of violations for which corrective action was required.  In one case a provider would only provide a patient with a summary of the patient’s record.  In another, the provider was disclosing information to other entities for arguably business associate but the entities were not proper business associates.  (I assume that means they did not have the appropriate contracts in place, as there is no other “requirement” regarding business associates.)

I had hoped the case examples portion of the website would provide more details on OCR’s position on the alleged violations, as this would serve a function similar to OIG’s advisory opinion website.  However, the “enforcement highlights” are one or two sentence summaries and do not provide any information on what the provider did wrong or why OCR thought is was a violation.  If the website contained more facts, other providers could use the information to guide their own compliance efforts.  Perhaps in the future OCR will provide more information so that this website will provide additional guidance to providers.  There is nothing like real world examples to illustrate what a rule or regulation means.


         

News

Health Care

[08/15] Catalyst Pharmaceutical Partners Reports Second Quarter 2008 Financial Results
[08/15] Salmonella outbreak winds down; questions remain
[08/15] 6 get Legionnaires' disease in upstate NY; 1 dies
[08/15] NYC heroes lift bus off pregnant woman; baby saved
[08/15] NYC heroes lift bus off pregnant woman; baby saved
[08/15] Former half-ton man endures hard times in Nebraska
[08/15] AP Interview: Doctor behind executions speaks out
[08/14] University Hospitals Receives $22.6 Million Donation from Harrington and McLaughlin Families
[08/14] The National Kidney Foundation's 7th Annual Ronald D. Paul Companies Kidney Walk to be Held on Saturday, September 20
[08/14] Best Practice Database adds Research on New Product Launch
Read More

Web Resources

FindLaw
Thomson West
U.S. Courts
Westlaw
United States Chamber of Commerce
FirstGov
Legislative Branch
Library of Congress
White House
Internal Revenue Service
National Weather Service
Yahoo!Maps
YellowPages.com
New York Times
Newspapers Online
USA Today
Wall Street Journal
AOL
Google
Yahoo!Legal Blog Directory  

The information you obtain at this site is not, nor is it intended to be, legal advice. You should consult an attorney for individual advice regarding your own situation.

Copyright © 2008 by Home Care Law Blog Gilliland & Markette LLP. All rights reserved. You may reproduce materials available at this site for your own personal use and for non-commercial distribution. All copies must include this copyright statement.