OCR is offering HIPAA Enforcement Training to help State Attorneys General enforce the HIPAA Privacy and Security Rules and file federal civil lawsuits for HIPAA violations.
Lessons Learned: HHS and OCR are serious about Privacy and Security in Health Care. Policies and procedures play a critical role in an organization’s culture of privacy and security and need to be updated as requirements, risks, regulations, etc. change. Health care organizations will need to conduct internal audits and assessments rather than waiting for the OCR or AGs to arrive. All employees and business associates must understand how to safely handle patient information and maintain a culture of privacy and security.