According to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), there have been 66% more HIPAA breaches since the start of 2017 than reported in all of 2016.
OCR lists all Meaningful Breaches on the Breach Report Portal, otherwise known as the OCR Wall of Shame. Since the start of 2017, there have been 221 breaches reported that constitute a HIPAA violation, versus 133 for all of 2016. With three months left in the year, that percentage is only going to become more significant by the end of 2017.
HIPAA regulation classifies a Meaningful Breach as a data breach affecting more than 500 individuals. As per the HIPAA Breach Notification Rule, Meaningful Breaches must be reported to HHS OCR no later than 60 days after their discovery. Health care organizations experiencing a Meaningful Breach may also be required to inform local news media and local authorities about the HIPAA breach upon discovery.
So far, HIPAA fines have reached $17.1 million since the start of 2017. Compare that to $23.5 million in 2016, and just $6.2 million in 2015.
HIPAA Breaches: Enforcement Trends Under Trump Administration
Newly appointed Trump Administration OCR Director, Roger Severino, has indicated that the agency has set its sights on continuing to enforce HIPAA compliance violations.
Severino was quoted in early September, saying that: “At most I will say the big, juicy case is going to be my priority and the methods for us finding it–stay tuned.” All indications point to a continuation in the historically uncharacteristic HIPAA fines and settlements that have come to characterize the past four years of HIPAA enforcement.
Severino went on to say that: “Just because you are small doesn’t mean we’re not looking and that you are safe if you are violating the law. You won’t be.”
Stringent enforcement tactics, combined with a marked 66% increase in Meaningful Breaches, set the stage for more HIPAA fines in the future. The Trump Administration has continued the momentum behind this new wave of regulatory strictness, and all signs indicate that they’re going to get even worse by the time 2017 reaches a close.