By Brittany Trang
Nov. 26, 2024
Health Tech Reporter
The Office for Civil Rights is not checking whether health care providers and other people who handle Americans’ sensitive data are complying with federal health privacy law, a new report from the U.S. Department of Health and Human Services Office of Inspector General has found.
The Office for Civil Rights, or OCR, is in charge of enforcing HIPAA, the law that protects patients’ data from cyberattackers and other unauthorized parties. However, OCR has not conducted any HIPAA audits since 2017, leaving the nation’s health care organizations to either police themselves or wait until a cyberattack exposes their systems’ inadequacy.
“What gets measured gets done,” said Don Patterson, director of HHS-OIG’s Cybersecurity and IT Audits Division, “so if OCR is not consistently performing these audits to assess whether entities are compliant or not, that can lead to weaknesses and gaps in security controls that may contribute to potential cybersecurity breaches.”
Brittany Trang, Ph.D., is a health tech reporter at STAT. Follow her on Threads, Mastodon, and Bluesky.