2017 HIPAA Enforcement – Appears Not To Be Slowing Down

Matthew P. Chiarello • May 9, 2017

To state the obvious, there has been some uncertainty regarding how the Trump Administration will affect federal agency enforcement efforts.  However, at least with regard to HIPAA Privacy and Security, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) appears to be holding to its previous course.

In the first four months of 2017, OCR has already announced seven settlements with covered entities and business associates with fines totaling over $14 million.  For some context, OCR assessed over $23.5 million in 2016, which was a record-breaking year.  These settlements are in addition to Phase 2 of OCR’s Privacy, Security, and Breach Notification Audit Program, which started in 2016 and is likely still underway.

The Phase 2 audits are being conducted in three rounds.  Rounds 1 and 2 were remote desk audits of covered entities and business associates, and examined compliance with specific requirements of the Privacy, Security, or Breach Notification Rules.  Although Round 2 was expected to start in late September 2016 and end by December 2016, OCR delayed the start of Round 2 until after the 2016 Thanksgiving holiday. Round 3 consists of onsite audits of covered entities and business associates and will examine a broader scope of requirements from the HIPAA Rules than the desk audits.  Some desk auditees may be subject to a subsequent onsite audit.

In late March, the Trump Administration appointed Roger Severino as the Director of OCR.  Mr. Severino comes from the Heritage Foundation, a conservative think tank.  Generally, it is too soon to determine how the new leadership will affect OCR’s HIPAA enforcement efforts in the long term.  However, given that HIPAA enforcement is not a major partisan issue, particularly when compared to health reform, it is possible that OCR may continue its course.

Therefore, covered entities and business associates may be well advised to continue their course in HIPAA compliance efforts, which include, among other things, implementing privacy and security policies and procedures, ensuring business associate agreements are executed, and conducting a risk analysis to assess the risks and vulnerabilities of e-PHI.
