So when is a HIPAA enforcement plan coming from OCR? The final rule on enforcement out of HITECH? The periodic audits?
One expert says the state of enforcement is likely somewhere in the middle of the two camps.
“While I do not believe the industry has remained stagnant, I do believe it has not changed as rapidly as we might have originally thought or been led to believe. But that is not to say further change is not coming,” says Chris Hourihan, director of operations at Meditology Services, a healthcare IT risk management and deployment services firm based in Atlanta.
The delay on the federal level has occurred because OCR is carefully considering its options and gathering data about the state of the industry before taking action, he says.
“I suspect that by the end of 2011, OCR will have its audit and enforcement plan defined,” Hourihan says.
Editor’s note: This was an excerpt from the March 2011 edition of the HCPro, Inc. newsletter, Briefings on HIPAA.