Jerome B. Meites, a chief regional civil rights counsel at HHS, advised a June 12 American Bar Association conference in Chicago that enforcement efforts by HHS in the next 12 months regarding privacy breaches and/or security lapses regarding protected health information will likely result in aggregate fines exceeding the more than $10 million in fines assessed since June 2013. Mr. Meites based his remarks on previous statements in which leaders at HHS’ Office of Civil Rights have signaled an increasing desire to send strong messages. As part of his remarks, Mr. Meites also noted that portable media causes an enormous number of the complaints that OCR deals with. The message here for businesses subject to the HIPAA Privacy, Security and Data Breach Notification rules is to is to perform a comprehensive risk analysis and then address any vulnerabilities raised by the analysis, with a particular focus on mobile devices. For questions about HIPAA compliance issues, contact a member of the McGrath North Privacy and Data Security Group.
Insights & Opinions from McGrath North