Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week

3 Min Read
[View the story “Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week” on Storify]

Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week

This interview was one of the highlights of last week’s Privacy and Security Forum

Storified by David Harlow · Sun, Dec 16 2012 19:59:1

[View the story “Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week” on Storify]

Leon Rodriguez, Director, HHS OCR, discusses HIPAA / HITECH Enforcement Last Week

This interview was one of the highlights of last week’s Privacy and Security Forum

Storified by David Harlow · Sun, Dec 16 2012 19:59:17

One of the highlights of last week’s Privacy and Security Forum was Bernie Monegain’s interview of Leon Rodriguez. I livetweeted the session, and share here what we heard live from the source in Boston.
Photo: Leon Rodriguez, OCR director, talks with @Bernie_HITN at #psforum12 http://pic.twitter.com/qVCYQNsoChip Means
#PSForum12 session w Leon Rodriguez Dir #OCR intvw’d by Bernie Monegain EIC @HITnewstweet beginsDavid Harlow
Leon Rodriguez #ONC when asked for ETA of #HIPAA #HITECH regs pleads no comment #psforum12David Harlow
Leon Rodriguez sees each #OCR case brought, penalty levied, as roadmap for compliance for ea diff sector w/in #healthcare #psforum12David Harlow
Rodriguez #OCR Past experience as prosecutor& as GC for a CE informs perspectv that enforcmnt nds 2B cogniznt of business reality #psforum12David Harlow
Rodriguez: We look for adherence to process set out in regs. KPMG sig finding – failure to conduct risk analysis #psforum12David Harlow
Rodriguez: So w/o even looking at content of analysis – concerned abt folks not even doing it. #psforum12David Harlow
Rodriguez: CEs either encrypt or don’t even conduct analysis abt whether to encrypt #psforum12David Harlow
Q put to Rodriguez: Why don’t CE’s do the risk analysis? Talks abt Fraud&Abuse history. #Privacy compliance in midst of evolution #psforum12David Harlow
Rodriguez: #OCR workload quintupled since #HIPAA & #HITECH compliance work given to them #psforum12David Harlow
Rodriguez: #OCR going beyond reactive model of complaint investign. Risk-basd audits starting; sim proactv effrts on civ rts side #psforum12David Harlow
Rodriguez cataloguing simple stuff to minimize consequences of human frailties (mix of policy & tech) #psforum12David Harlow
Rodriguez: #OCR now working on formula for monetary restitution to subjects of breaches #psforum12David Harlow
Rodriguez: #OCR goal is to est permanent audit program beyond pilot, to be funded by $$ collected thru penalties assessed #psforum12David Harlow
Rodriguez #OCR looks first at whether CE conducted root cause analysis of breach and whether addressed #psforum12David Harlow
Rodriguez: I won’t use name “wall of shame” Purpose of the breach notification program is to ID vulnerabilities & remediate them #psforum12David Harlow

TAGGED:
Share This Article
Follow:
DAVID HARLOW is Principal of The Harlow Group LLC, a health care law and consulting firm based in the Hub of the Universe, Boston, MA. His thirty years’ experience in the public and private sectors affords him a unique perspective on legal, policy and business issues facing the health care community. David is adept at assisting clients in developing new paradigms for their business organizations, relationships and processes so as to maximize the realization of organizational goals in a highly regulated environment, in realms ranging from health data privacy and security to digital health strategy to physician-hospital relationships to the avoidance of fraud and abuse. He's been called "an expert on HIPAA and other health-related law issues [who] knows more than virtually anyone on those topics.” (Forbes.com.) His award-winning blog, HealthBlawg, is highly regarded in both the legal and health policy blogging worlds. David is a charter member of the external Advisory Board of the Mayo Clinic Social Media Network and has served as the Public Policy Chair of the Society for Participatory Medicine, on the Health Law Section Council of the Massachusetts Bar Association and on the Advisory Board of FierceHealthIT. He speaks regularly before health care and legal industry groups on business, policy and legal matters. You should follow him on Twitter.
Exit mobile version