I recently attended the Health Care Compliance Association’s (HCCA) Compliance Institute (March 25-29, 2017) in National Harbor, MD, where healthcare compliance experts gathered to discuss the challenges faced in today’s complex regulatory environment.
From there, a short ride to Washington, D.C., took me to the annual HIPAA Summit (March 29-31, 2017), where healthcare privacy and security professionals and compliance wonks heard the latest HIPAA updates.
Representatives from the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) delivered remarks at both events on what to expect from their office in 2017.
New Director of the OCR
Attendees at the HIPAA Summit had the great honor of hearing the first public remarks from the newly appointed Director of the OCR, Roger Severino, in his new capacity. Prior to his appointment, Severino’s long and distinguished public service career included seven years as a trial attorney with the Department of Justice’s Civil Rights Division. He also served as the Housing and Civil Enforcement Section’s E-Discovery officer and attorney advisor to the fair housing testing program. Most recently, Severino served as director of the DeVos Center for Religion and Civil Society, part of the Institute for Family, Community, and Opportunity at the Heritage Foundation, a prominent conservative think tank.
In his remarks at the Summit, Severino shared his unique perspective, as well as what he brings to his new position, emphasizing the important role of health information privacy and security to the overall functioning of the healthcare system. This focus will lead to patient faith and confidence in the system, which, according to the new director, is paramount for the system to function.
Severino said he will approach the position from both the civil rights side and the privacy and security side, using this dual approach to focus on the people impacted by the OCR’s work, including patients, as well as employees of regulated entities. He also seeks to eliminate burdens on regulated entities wherever possible.
OCR Priorities for 2017
Following Severino’s remarks, OCR Deputy Director Deven McGraw shared the OCR’s outlook for 2017. McGraw and her team plan to work with Severino over the coming weeks to identify priorities for policy and guidance.
Update on HIPAA Audit Program
Speaking on Phase 2 of the HIPAA Audit Program, McGraw reiterated that the audits are a tool for learning, not a tool for enforcement, and should eventually yield best practices. She noted that Stage 1 is nearly complete, with draft reports sent to auditees; Stage 2 Security Rule and Breach Notification audits continue for Business Associates; and finally, plans for onsite audits as part of Stage 3 will be finalized once the first two stages are completed.
McGraw stated that the OCR hopes to develop a continuous compliance monitoring program moving forward, as opposed to the sort of periodic audits enacted currently.
OCR Enforcement
Iliana Peters, Attorney and Senior Advisor at the OCR, spoke on OCR enforcement at both the Compliance Institute and the HIPAA Summit. She highlighted lessons learned from 2016 resolution agreements and civil money penalties. Peters noted that providers should complete regular and thorough risk analyses, ensuring knowledge of where Protected Health Information (PHI) is stored.
Another focus for providers should be encryption. PHI needs to be encrypted whenever possible, and anytime something is not encrypted, providers need to explain why. Peters also touched on the need for access and audit controls, as well as timely breach notification. The OCR’s hope is to continue with the same rate of resolution agreements in the months ahead.
The OCR is undoubtedly in a state of transition, where the only certainty is uncertainty. It should be very interesting to see what the OCR designates as priorities over the next few months.
Normally, I write about substantive law, but today I’m going to focus more on psychology. The idea was triggered by the subject line in an
EDITOR’S NOTE: Following last Monday’s Monitor Monday Internet broadcast, the U.S. Department of Health & Human Services (HHS) posted new guidance and an online portal,
Please log in to your account to comment on this article.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
This third session in our 2026 IPPS Masterclass will feature a review of FY26 changes to the MS-DRG methodology and new technology add-on payments (NTAPs), presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
This second session in our 2026 IPPS Masterclass will feature a review the FY26 changes to ICD-10-PCS codes. This information will be presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
This first session in our 2026 IPPS Masterclass will feature an in-depth explanation of FY26 changes to ICD-10-CM codes and guidelines, CCs/MCCs, and revisions to the MCE, presented by presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Bring your questions and join the conversation during this open forum series, live every Wednesday at 10 a.m. EST from June 11–July 30. Hosted by Chuck Buck, these fast-paced 30-minute sessions connect you directly with top healthcare experts tackling today’s most urgent compliance and policy issues.
Fraud convictions don’t just punish a few bad claims; they can wipe out years of reimbursements. Don’t wait for an audit to learn the rules. Join Frank Cohen, MPA, for a live Q&A on spotting red flags, avoiding liability, and protecting your practice. Register now and bring your questions!
Substance abuse is everywhere. It’s a complicated diagnosis with wide-ranging implications well beyond acute care. The face of addiction continues to change so it’s important to remember not just the addict but the spectrum of extended victims and the other social determinants and legal ramifications. Join John K. Hall, MD, JD, MBA, FCLM, FRCPC, for a critical Q&A on navigating substance abuse in 2025. Register today and be a part of the conversation!
Copyright © 2025 RACmonitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
