While at the HIMSS Privacy & Security Forum in Boston, Mac McMillan recorded a podcast with Marianne McGee of Information Security Media Group. In the podcast, Mac and Marianne discuss recent HIPAA enforcement actions by OCR and the future of enforcement for non-compliance, as well as the trends the industry can anticipate in 2016. They close with some of the biggest challenges that keep the industry up at night.
Do you think these recent HIPAA enforcement examples by OCR are going to be a new trend?
Mac points out that OCR has gone through leadership and staff changes and is now finally in a position to move forward with issuing settlements. We will continue to see enforcement for non-compliance, and the recent examples already share common themes with earlier settlements, such as the lack of a risk analysis and the lack of encryption.
What enforcement actions would you like to see?
Mac says it will be interesting to see how OCR handles business associates in 2016. Although business associates have been directly responsible for safeguarding protected health information for three years, we still have not seen much of a response from healthcare vendors. Many vendors have immature security programs and policies in place and, in general, are not where they need to be. Mac says, “I’d like to see some of