[View the story “Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week” on Storify]
Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week
This interview was one of the highlights of last week’s Privacy and Security Forum
Storified by David Harlow · Sun, Dec 16 2012 19:59:1
[View the story “Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week” on Storify]
Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week
This interview was one of the highlights of last week’s Privacy and Security Forum
Storified by David Harlow · Sun, Dec 16 2012 19:59:17
One of the highlights of last week’s Privacy and Security Forum was Bernie Monegain’s interview of Leon Rodriguez. I livetweeted the session, and share here what we heard live from the source in Boston.
Photo: Leon Rodriguez, OCR director, talks with @Bernie_HITN at #psforum12 http://pic.twitter.com/qVCYQNsoChip Means
#PSForum12 session w Leon Rodriguez Dir #OCR intvw’d by Bernie Monegain EIC @HITnewstweet beginsDavid Harlow
Leon Rodriguez #ONC when asked for ETA of #HIPAA #HITECH regs pleads no comment #psforum12David Harlow
Leon Rodriguez sees each #OCR case brought, penalty levied, as roadmap for compliance for ea diff sector w/in #healthcare #psforum12David Harlow
Rodriguez #OCR Past experience as prosecutor& as GC for a CE informs perspectv that enforcmnt nds 2B cogniznt of business reality #psforum12David Harlow
Rodriguez: We look for adherence to process set out in regs. KPMG sig finding – failure to conduct risk analysis #psforum12David Harlow
Rodriguez: So w/o even looking at content of analysis – concerned abt folks not even doing it. #psforum12David Harlow
Rodriguez: CEs either encrypt or don’t even conduct analysis abt whether to encrypt #psforum12David Harlow
Q put to Rodriguez: Why don’t CE’s do the risk analysis? Talks abt Fraud&Abuse history. #Privacy compliance in midst of evolution #psforum12David Harlow
Rodriguez: #OCR workload quintupled since #HIPAA & #HITECH compliance work given to them #psforum12David Harlow
Rodriguez: #OCR going beyond reactive model of complaint investign. Risk-basd audits starting; sim proactv effrts on civ rts side #psforum12David Harlow
Rodriguez cataloguing simple stuff to minimize consequences of human frailties (mix of policy & tech) #psforum12David Harlow
Rodriguez: #OCR now working on formula for monetary restitution to subjects of breaches #psforum12David Harlow
Rodriguez: #OCR goal is to est permanent audit program beyond pilot, to be funded by $$ collected thru penalties assessed #psforum12David Harlow
Rodriguez #OCR looks first at whether CE conducted root cause analysis of breach and whether addressed #psforum12David Harlow
Rodriguez: I won’t use name “wall of shame” Purpose of the breach notification program is to ID vulnerabilities & remediate them #psforum12David Harlow