HHS Reboots HIPAA Audit Program

The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) has signaled significant updates and shifts in its enforcement strategy that will impact all in the healthcare space.

Firstly, OCR Director Melanie Fontes Rainer recently announced the resumption of the long-dormant HITECH Act HIPAA audits, a much needed stride towards ensuring compliance. Paused for the past seven years, these audits have now resumed, signaling a significant alignment with ongoing efforts to update the HIPAA Security Rule. This update aims to reflect the technological advancements and the evolution in healthcare delivery over the last two decades.

A focal point of enforcement efforts is the requirement to conduct thorough risk assessments. Despite its importance, this remains a considerable weakness among many healthcare organizations, particularly small to medium-sized entities, and this gap continues to be identified as a significant contributing factor in breaches.

Additionally, OCR plans to introduce a proposed update to the HIPAA Security Rule by year-end. This update intends to integrate modern security practices such as end-to-end encryption, reflecting the current state of technology and the ways we engage with healthcare services today.

While these regulatory updates are underway, we also see heightened activity in addressing current threats such as ransomware. OCR is actively engaging with recent breaches, such as the Change Healthcare cyberattack, to extract and disseminate lessons learned.

From my viewpoint, these developments are strategic opportunities and far overdue. Perhaps resuming HIPAA audits will signal the seriousness of cybersecurity. I would argue for more significant repercussions as well. Healthcare has gone too long without oversight, which has led to a regular practice of legacy systems, interoperability issues, and insufficient verification processes (e.g., right to access). These are challenges of the past in other industries.

It is imperative for healthcare leaders to champion these changes and advocate for improvement. Staying ahead of these changes and integrating them into current operational strategies will be pivotal in 2024!

L Trotter II

As Founder and CEO of Inherent Security, Larry Trotter II is responsible for defining the mission and vision of the company, ensuring execution aligns with the business purpose. Larry has transformed Inherent Security from a consultancy to a cybersecurity company through partnerships and expert acquisitions. Today the company leverages its healthcare and government expertise to accelerate compliance operations for clients.

Larry has provided services for 12 years across private industry, developing security strategies and managing security operations for Fortune 500 companies and healthcare organizations. He is an influential business leader who can demonstrate the value proposition of security and its direct link to customers.

Larry graduated from Old Dominion University with a bachelor’s degree in Business Administration with a focus on IT and Networking. Larry has accumulated certifications such as the CISM, ISO27001 Lead Implementer, GCIA and others. He serves on the Board of Directors for the MIT Enterprise Forum DC and Baltimore.

https://www.inherentsecurity.com