"Enforcement promotes compliance" according to the new director of the Department of Health and Human Services’ Office for Civil Rights, Leon Rodriguez, during an interview with HealthcareInfoSecurity’s Howard Anderson. In September, Mr. Rodriguez replaced Georgina Verdugo, and enters his post with significant relevant experience. He was formerly chief of staff and deputy assistant attorney general for the Department of Justice Civil Rights Division, a health care attorney in privacy practice, and a prosecutor at the federal and state level.
On the upcoming HIPAA audits, Director Rodriguez had the following to say:
This is the first time we’re doing it, so the first thing … is for us to ‘go to school’ on how best we will run an audit program. In part, this is what you might call a pilot. We’re going to look at it and learn: How do we use an audit program? How does an audit program best advance our enforcement goals?
The second purpose, and this is really different than enforcement, is to promote compliance among the covered entities that are subject to the audit. Our first objective is not to go out there and start banging [organizations] with penalties; it’s really to take a good look at them, find out where their opportunities for improvement are and help them improve. Having said that, I think we know that there are cases where we’re going to find some significant vulnerabilities and weaknesses. And in those cases, we may be pursuing significant corrective action. And in some of those cases, we may be actually pursuing civil monetary penalties. But that’s really not the primary goal of the audit program.
With HIPAA audits scheduled to begin in the next few months, covered entities and business associates should become familiar with HHS’ new Director of Office of Civil Rights and his mission.