HIPAA compliance seems to be on the government’s radar more than ever before. In just the past year, we’ve seen record-breaking Office for Civil Rights (OCR) enforcement, proposed Privacy Rule updates, and the implementation of the HIPAA Safe Harbor Law and the 21st Century Cures Act, two new sets of legislation centered around healthcare, technology, and patient rights. With the spotlight on protecting the privacy and security of health data at a time when reliance on technology is especially prevalent, it should come as no surprise that the government’s newly proposed budget features a heavy focus on, and an increase in funding for, this area specifically.
The Biden Administration released its proposed 2022 budget for the Department of Health and Human Services (HHS) in early June. The proposal calls for additional spending to better protect the healthcare industry from evolving cyber threats and to support government efforts in enforcing compliance among covered entities. So exactly how much of a budget increase is the administration requesting, and what does that tell us about the future of HIPAA compliance?
While those dollar figures are already a good indicator of where we can expect the government to continue its focus, ensuring that patients’ health data is properly protected goes beyond those hefty price tags. The proposed fiscal 2022 budget also seeks to add 39 staff members to the OCR, bringing the employment total to 229, and acknowledges that the “OCR will engage in rulemaking to further strengthen individuals’ rights to access their own health information, improve information sharing for care coordination and case management and reduce administrative burdens.”
Just as recent enforcement numbers have proven the government’s awareness of noncompliance, and an influx of cyber threats has shed light on a lack of proper security protections among healthcare providers, this proposed budget provides a ‘crystal-ball’ prediction of what we can expect to see moving forward. Adding millions of dollars to the budget and expanding the task force in these relevant government agencies will make even more resources available to ensure all covered entities are best protecting health data privacy and security. And although the new budget is not yet finalized, the upcoming changes to the Privacy Rule and the commitment outlined within the proposal to improve upon government rulemaking are a clear sign that the government’s emphasis on HIPAA and other health IT-related laws is not going away anytime soon.
First off, meeting HIPAA and cybersecurity requirements is essential to protecting your practice and your patients from a data breach or HIPAA violation. While these are certainly things that should be prioritized regardless of the government’s spending plans, the proposal creates even more urgency in ensuring that you have these necessary safeguards in place. So as the government continues to sharpen its focus on health data privacy and security, your practice should too, and having a complete compliance AND security program is the perfect place to start.