HIPAA Blog

[ Thursday, September 03, 2020 ]

 

 Interestingly, as this article by Sidley points out, through the first 3 quarters of 2020, it appears that OCR has only issued 3 major settlements involving HIPAA, all of which involve Security Rule issues.  All involved breaches: one stolen laptop, one hacked email (phishing,I'm sure), and one settlement that could've been avoided if the provider had simply accepted the help OCR offered (see the Children's Medical Center of Dallas settlement of a few years ago for a similar example of failing to grab the proffered lifeline).

Why so few?  You'd have to ask OCR, but I think the pandemic is the primary cause.  First, the pandemic and the response to it have required creative solutions, and OCR is likely trying to tread lightly and grnt lots of leeway to those who are trying to do good but instead fail.  Also, due to the pandemic and preparations such as ventilator rationing strategies and other potential overflow triaging, OCR's current focus has been on the "civil rights" side of its mission -- making sure those rationing and triaging strategies don't violate the civil rights of certain vulnerable populations.  Regardless, barring egregious circumstances, I think OCR will continue to eschew the whip hand, and offer a helping hand instead.


Jeff [1:17 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template