Some industry watchers speculated that the Office for Civil Rights (OCR), the federal agency that enforces the Health Insurance Portability and Accountability Act (HIPAA) would be less active under the administration of President Donald Trump. Those speculations have proven ill-founded, according to BBR Services. In its latest Beazley Breach Insights report, BBR Services highlighted the following:
“Post-breach enforcement by OCR makes it imperative for healthcare organizations to ensure their security risk analyses and risk mitigation plans are reviewed regularly and updated,” said Katherine Keefe, head of BBR Services. “As well as issuing larger fines for major breaches, OCR is investigating smaller-scale data breaches than previously. BBR Services strongly recommends that healthcare organizations of all sizes review their cybersecurity policies, practices and employee training programs and engage their insurer or broker in building a robust, HIPAA-compliant risk management program.”