According to Health Data Management, Susan McAndrew, deputy director for privacy at the Department of Health and Human Services’ Office for Civil Rights (OCR) announced at a recent conference that OCR added investigators to 10 regional offices in order to boost enforcement of HIPAA privacy and security rules.
On August 3, 2009, HHS Secretary Kathleen Sebelius transferred the responsibility for HIPAA Security Rule enforcement from CMS to OCR, which is now tasked with enforcement of both the HIPAA Security Rule and the HIPAA Privacy Rule.
While the transition from CMS to OCR “took longer than expected,” Ms. McAndrew believes that OCR is finally in a position to increase enforcement efforts in order to realize the privacy and security initiatives enacted last year pursuant to the HITECH Act.
We’re hoping to move security to the forefront and make it a real partner with privacy in our enforcement… [and] that with additional feet on the ground, we’ll be able to do many more security cases as the year moves forward.
“OCR Boosting Security Enforcement,” Health Data Management (May 12, 2010).