Office for Civil Rights (OCR) - Two Significant Announcements

Office for Civil Rights (OCR) - Two Significant Announcements

by ih-coc admin

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) had two significant announcements this past week resulting in total of $4.6 million for a settlement and imposed penalty.  The two cases, one involving a public agency, the Texas Health and Human Services Commission (TX HHSC) and the second, a university medical center, the University of Rochester Medical Center (URMC). 

Both cases demonstrate OCR is continuing on an aggressive path to address reported breaches and investigate how organizations are just not being proactive with HIPAA compliance requirements.These investigations uncovered a slew of problems, especially in the Texas case.  What was troubling about this case, is the TX HHSC had such poor audit controls, it could not determine the number of persons who inappropriately accessed the protected health information in question. 

In the URMC case, it determined “identification of a lack of encryption as a high risk to ePHI, URMC [still] permitted the continued use of unencrypted mobile devices.”  This is a clear case of somebody dropping the ball due to reasons one can only speculate about.  

If OCR’s track record is similar to recent years, expect more settlement announcements to be made before the end of the year.  With the holidays quickly approaching, OCR may not be spreading good cheer for some. 

Read the TX HHSC Press Release 

Read the URMC Press Release