As many of you already know HHS has released an RFI for how HIPAA should be modified to support digital health information exchange as well as other important and needed updates.
However, for those of us who are working on a response, we are crippled by the lack of current HIPAA enforcement data from OCR. As far as I can tell, most data outputs end with 2016.
We really need to see data summarizing enforcement patterns for 2017 and 2018. This data will show us two important things:
- How OCR is choosing to devote its current resources?
- What real world problems is OCR detecting in the healthcare industry?
For most of the items under consideration in the current HIPAA RFI, commenters need to be able have both of these questions answered.
With that in mind, you can read the FOIA for the updated HIPAA enforcement data that we sent yesterday.
We feel very strongly that this data should be available before the RFI deadline. We are asking for the RFI deadline to be extended if OCR is not able to release the data in a timely manner.