As some of the last HIPAA Megarule deadlines pass, the Office of Civil Rights has begun discussing enforcement in 2015. Joceyln Samuels, director of the OCR, said during a conference call that the OCR will focus on the failure to conduct risk evaluations of data breaches, ignoring security threats, and poor training of staff. Covered entities should renew efforts to follow their individual HIPAA compliance plans:

  • Adopt HIPAA-compliant privacy and security measures for all protected health information (PHI).
  • Conduct security risk assessments to identify vulnerabilities.
  •  Review business associate agreements and ensure that EHRs used by the doctor or practice can verify all assertions about the privacy and security of the medical records.
  •   Develop formal policies and training procedures for staff members that are tailored to the workflow of the organization.
  • Conduct regular training to change the behavior of employees who don't comply with privacy and security measures or aren't aware of them.
  • Conduct self-audits to test procedures for ensuring confidentiality and security of PHI.
  • Bring-your-own-device policies and perform a mock audit to determine exposures.

The OCR is also contemplating a proposed rule giving those persons harmed by breaches of their protected health information a percentage of any civil penalty paid by the offending covered entity. The OCR will provide additional guidance of cloud computing and protected health information.

Nursing Home Laws Changing

Gov. Rick Snyder signed Senate Bill 886 into law on Dec. 30, 2014 which seeks to modernize, increase protections and add transparency to the regulation of continuing care retirement communities which include nursing homes and adult foster care facilities.

The law is called the "Continuing Care Community Disclosure Act" and provides for the regulation of continuing care communities including retirement communities, nursing homes, home care agencies and hospices.

This law recognizes that people need various levels of care throughout the aging process and attempts to regulate the process of providing this care.