New HIPAA Czar Says Small Providers Will Not Get Off Easy
Posted: October 5, 2017 to Compliance.
The OCR has a new enforcement czar, Roger Severino, and he’s out for blood. The chief of the agency that enforces HIPAA told the audience of the 10th annual “Safeguarding Health Information” HIPAA conference that his top priority will be to find a "big, juicy, egregious" breach case to use as an example from which others can learn.

But, he added, just because he’s hunting for big bear, that doesn’t mean small healthcare providers will be able to hide. Severino insisted that even smaller providers, who have fewer resources to invest in sophisticated security methods, will still be targets. "Small providers are integral to our healthcare system. We know that. They provide more choice than just centralized institutions," he said. “But smaller provider organizations have the same responsibilities as large institutions,” he stressed. "Just because you are small doesn't mean we're not looking and that you are safe if you are violating the law. You won't be."

What’s driving this crackdown? First, there’s OCR’s massive caseload. OCR receives over 20,000 complaints per year. They can’t handle that kind of volume. And with the Trump administration’s commitment to small government, they cannot add staff. In fact, they’ve probably been told to reduce staff. So, they have only one option: Massive enforcement with big, juicy fines to “educate” the rest of the industry, bring them into compliance, and lower the number of complaints their agency must deal with.

Second, there’s the growing international cybercrime epidemic. Severino mentioned the recent WannaCry attack. He called it “a major disruption to our healthcare system and it certainly caused a major disruption overseas in England and some European countries." He said the attack drove home to him the importance of OCR’s commitment to “Make sure we are ready because the best solution is to make sure that no one is vulnerable to these attacks so that the confidentiality, integrity and availability of our health information is always preserved.”

So, what does all this mean for you?

- Cybercrime is the biggest criminal epidemic on the planet, according to Forbes. CNBC reports that over half of all businesses in the US have already been attacked. If you haven’t been hit, you will be. And if you’re not ready, OCR will find out and you’ll get a massive fine.
- You have limited resources to invest in sophisticated security methods and software to deal with this enormous threat.
- The federal government is targeting you in the same way it’s targeting major corporations. They are overwhelmed by the sheer volume of complaints and by the global threat they must deal with. So, they are out to teach non-compliant providers, even small providers, a hard lesson.