As of earlier this month, 1,170 breaches involving 31 million records have been reported to the Department of Health and Human Services (HHS) since mandated reporting of breaches began in September 2009. The number of breaches isn’t the only statistic on the rise. Although 2014 data has not yet been released, the number of complaints in 2013 reached a new high (4,463). It doesn’t take a crystal ball to predict that these numbers will continue to rise in 2015. We haven’t reached the apex yet.
The newly approved 2015 federal budget does not include an increase in funding for the federal agencies responsible for enforcing HIPAA, including the HHS Office of Civil Rights (OCR), but HHS isn’t viewing it as a setback. Per an OCR spokeswoman, “OCR’s strong enforcement of the HIPAA privacy, security, and breach notification rules, remains very much on track…” Just a few weeks ago, HHS settled with the Alaska Department of Health and Human Services for $1.7 million for potential HIPAA violations.
If enforcement efforts remain on track in 2015, so should compliance efforts next year. Keep your HIPAA policies and procedures up to date and conduct regular risk assessments. If your organization has not addressed security on mobile devices or theft of patient data by former employees, do so now. If you are contemplating a transaction in 2015, it’s especially time to take a deep dive into HIPAA compliance.