Despite the wave of health data breaches in the last few years, Office of Civil Rights Director Jocelyn Samuels says patient privacy is still a priority.
In a recent interview with ProPublica, Ms. Samuels said the recent breaches at insurance giant Anthem and Premera Blue Cross have highlighted the need for increased cybersecurity and for covered entities to consistently update their risk assessments. However, the need for privacy is greater than ever because of the amount and personal nature of data available on EHR systems, she said.
"The ability to access EHRs is something that we obviously have clarified and expanded over time since HIPAA was enacted," Ms. Samuels told ProPublica. "And I anticipate that we will continue to evaluate the application of HIPAA standards to emerging issues, whether they are posed by new technology or new forms of risk that aren't being adequately addressed."
The OCR is a small staff and deals with thousands of complaints about data breaches of various sizes every year. To meet the demand for its services, the office has created centralized services to respond to phone calls and process complaints. In response to criticism that the office does not use fines often enough, Ms. Samuels said the office prefers entities covered by HIPAA have the policies and procedures in place to protect information in the future as remedial relief, according to the report.