HIPAA Watchdog Has A Big Blind Spot

December 9, 2013 – In The News

William H. Maruca was quoted in the Law360 article “HIPAA Watchdog Has A Big Blind Spot.” While the full text can be found in the December 9, 2013, issue of Law360, a synopsis is noted below.

A recent inspector general’s report indicates that federal regulators have been relying on whistleblowers and corporate honesty instead of proactive audits to enforce privacy protections covering sensitive health information.

One of the report’s key findings was that the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has little money to perform congressionally mandated audits to gauge whether health care providers, insurers and clearinghouses are abiding by the rules of the Health Insurance Portability and Accountability Act (HIPAA).

Last year, the OCR conducted 115 audits under a pilot program, and almost 90 percent of the businesses surveyed had problems with HIPAA compliance, suggesting that the lack of permanent audits is allowing many shortcomings to slip through the cracks.

While the inspector general’s report may have motivated the OCR to seek some sort of workaround that allows for audits despite the limited funding, the prospect of Congress stepping up and providing extra cash seems like a long shot.

“Nobody’s coming up with any new government money these days – it’s all a question of how you reallocate what’s already there,” said Maruca.

Although some businesses might be relieved to hear about the OCR looking a little less powerful, there is a flip side. Regulators could be tempted to compensate by making examples of violators with stiff punishments that send a message.

“If you can’t audit everybody, you’ve got to scare everybody,” Maruca said.