OCR could hand down some whopping fines for HIPAA violations later this year, privacy attorney Adam Greene told govinfosecurity.com in an interview.
"We've heard anecdotally that [OCR] has a significant pipeline of unprecedented settlement agreements, meaning particularly high amounts" of financial penalties, says Greene, a partner at Washington law firm law firm Davis Wright Tremaine, who previously worked for the Department of Health and Human Services' Office for Civil Rights.
The industry could see "some really surprising settlement agreements [and] potential record-breaking" financial penalties later this year, he said.
An OCR attorney made a similar prediction nearly a year ago. Jerome B. Meites, OCR chief regional counsel for the Chicago area, said the HIPAA nforcement actions over the past year would pale in comparison to the next 12 months.
He was referring to nine settlements in the previous year totaling more than $10 million, including a record $4.8 million fine announced in May 2014 against New York-Presbyterian Hospital and Columbia University.
Despite the high-profile cases, though, research from ProPublica found OCR had levied fines just 22 times since 2009.
Greene attributed that to lack of resources. OCR receives about 10,000 complaints a year and tries to resolve all that have validity, he told GovInfoSecurity.
The HIPAA audit program is on hold as the agency works to upgrade technology. It's not clear when it will resume.