OIG Review Finds OCR’s HIPAA Privacy Investigation Practices Lacking
October 7, 2015 | Risk Management News
The Office for Civil Rights' (OCR) oversight of the Health Insurance Portability and Accountability (HIPAA) privacy rule is primarily reactive and should be strengthened, according to a September 2015 report from the U.S. Department of Health and Human Services' Office of Inspector General (OIG). Among other shortcomings, OIG noted that OCR has not yet fully implemented its audit program to identify potential instances of noncompliance; rather, it relies on complaints to direct its investigations. OIG also noted that OCR does not have a consistent system for ensuring that corrective actions put in place as a result of investigations are actually carried out.