In a survey of HIPAA privacy cases, HHS' Office of Inspector General found the agency's Office of Civil Rights needs to strengthen its oversight of covered entities in compliance with the privacy rule.
The OIG reviewed a sample of cases the OCT investigated between September 2009 and March 2011. The OIG said the OCR's oversight is too reactive; it investigates possible noncompliance in response to complaints instead of implementing an audit program to proactively assess noncompliance.
Additionally, the review found the OCR didn't document corrected action taken by covered entities in approximately one-quarter of the closed privacy cases.
More articles on HIPAA:
HIPAA violation? Medical group alerts authorities when patient presents false ID
Are you prepared if the next big HIPAA breach happens to you?
OCR to begin proactive HIPAA audits