The secretary of HHS shifted enforcement of the HIPAA Security Rule from CMS to the Office for Civil Rights (OCR), according to an HHS announcement published Tuesday in the Federal Register.
Until now, OCR has enforced only the HIPAA Privacy Rule, which protects the privacy of patients’ health information and the confidentiality provisions of the Patient Safety Rule, which protect PHI from being used to analyze patient safety events and improve patient safety.
Read more in HealthLeaders.
Rebecca Herold has some commentary here.