OCR Will Now Enforce the HIPAA Security Rule
In an effort to consolidate HIPAA administration and enforcement within the Office of Civil Rights ("OCR"), the Secretary of the Department of Health and Human Services ("HHS"), Kathleen Sebelius, has moved the administration and enforcement of the HIPAA Security Rule away from the Centers for Medicare & Medicaid Services and has delegated that authority to the OCR, the office that administers and enforces the Privacy Rule. According to Secretary Sebelius, “Privacy and security are naturally intertwined, because they both address protected health information. Combining the enforcement authority in one agency within HHS will facilitate improvements by eliminating duplication and increasing efficiency.” This reconfiguration provides further evidence that HHS is gearing up to increase HIPAA enforcement in light of the changes set forth in the HITECH Act.
