The Office of Inspector General, U.S. Department of Health and Human Services issued a report urging enhanced oversight of compliance with the HIPAA privacy standards.
Covered entities under HIPAA that do not properly safeguard protected health information could expose people to identity theft, fraud and other harm. The HIPAA privacy rule provides standards for protecting PHI. After reviewing HIPAA incidents, the Inspector General determined that OCR should take the following actions:
- implement a permanent audit program;
- maintain complete documentation of corrective action;
- develop an efficient method in its case-tracking system to search for and track covered entities;
- develop a policy requiring OCR staff to check whether covered entities have been previously investigated;
- continue to expand outreach and education efforts to covered entities.
