The HHS Office for Civil Rights (OCR) now has new and fuller powers to enforce the HIPAA privacy regulations as detailed in the HITEH provisions of the American Recovery and Reinvestment Act.  Now, OCR will shoulder the responsibility to enforce HIPAA security instead of the Centers for Medicare and Medicaid Services (CMS) that previously held this ability.  OCR plans to fully utilize its increased authority and is now able to levy civil fines of as much as $1.5 million per violation.

"now able to levy civil fines of as much as $1.5 million"

At a recent conference, Marilou King, a senior advisor for HHS’s office of General Council Civil Rights Division stated, "OCR has significantly strengthened tools with which to obtain compliance," as reported by Government Health IT. King added, "And the goal of the enforcement program will be to obtain compliance from covered entities and from new regulated entities as HITECH has authorized,"

The OCR is attempting to build consumer confidence in putting their information into an electronic health record.  Maintaining this confidence will require that complaints are investigated and that violations are understood and corrected. With the increased ability to impose direct fines against violators it makes this the perfect time to revaluate your security polices and make sure that they are sufficient, in use and reviewed regularly.