The U.S. Department of Health and Human Services (HHS) is refocusing its HIPAA privacy enforcement efforts on seeking monetary penalties in cases of “abject failure” to comply, the head of HHS’ Office for Civil Rights (OCR) indicated.
“The majority of matters we handle are going to be resolved through education” as they have in the past, OCR Director Leon Rodriguez told a privacy conference. But OCR plans to do fewer of those cases and more penalty cases where it finds “an abject failure of due diligence,” he said. “We’re seeing a lot of cases like that.”
Rodriguez cited past million-dollar settlements for incidents involving protected health information (PHI) left on a subway train or disposed of in a publicly accessible dumpster. Although those OCR actions came in response to specific incidents, “the big issue for me is what’s going on inside the entity that makes those things happen,” he said. OCR is seeing those kinds of organizational failures to assess and manage risk at many HIPAA-covered entities, he warned.
Lawmakers and others have criticized OCR for spotty enforcement of HIPAA’s privacy and security rules, even after the HITECH Act of 2009 greatly increased HIPAA penalty amounts and other enforcement authorities.
HITECH’s breach notification rules are another space we’ll see enforcement activity, Rodriguez said. “I’m not sure about the level of compliance” with the requirement to notify affected individuals, and sometimes HHS, of PHI breaches. HHS’ list of major breaches includes “way too many familiar names and not enough unfamiliar names,” so an enforcement action for failing to report “an obvious reportable breach” might help get the message out, he said.
Rodriguez spoke March 8 at the International Association of Privacy Professionals’ Global Privacy Summit.
HIPAA privacy and security enforcement and breach notification are detailed in the Employer’s Guide to HIPAA and Employer’s Guide to HIPAA Privacy Requirements.
The Labor Department has extended the comment period for its proposed rule to provide minimum wage and overtime protections for in-home companions by nine days, the agency announced in a March 9 release.
The division published a notice of proposed rulemaking in the Federal Register on Dec. 27, 2011, with a comment period originally set to end on Feb. 27, 2012. The division then extended the comment period to March 12. The department now will extend the comment period through March 21. Comments received between Dec. 27 and March 21 will be included in the rulemaking record. These actions will provide additional time for members of the public to analyze the issues raised in the proposal and to provide comments.
The proposed rule would expand minimum wage and overtime protections by ensuring that all home care workers employed by third parties, such as staffing agencies, receive these protections. It also would clarify that individuals performing skilled in-home care work are entitled to minimum wage and overtime pay. However, individuals engaged by families for true companionship or fellowship activities, such as visiting with friends or pursuing hobbies, still would be considered “companions” and not be required to meet the act’s labor standards provisions. To learn more about the proposed rule, visit http://www.dol.gov/whd/flsa/companionNPRM.htm.
Welcome to SmartHR Manager, your access to the valuable news and resources that will help your company stay in compliance and stay updated on new industry trends. With topics such as Wage and Hour, Leave and Employment Law and Employee Benefits, this blog is the best resource in the market for quick access to the information and news HR professionals need most to do their job efficiently and correctly. This blog is also a gateway to Thompson Publishing Group’s full line of HR and Benefits publications designed to meet your specific needs.