Budget Cuts Would Hit HIPAA Enforcer

President's Budget Would Trim Office for Civil Rights Spending
Budget Cuts Would Hit HIPAA Enforcer

President Obama's proposed fiscal 2013 budget calls for an overall 8 percent increase in spending for the Department of Health and Human Services, but a 5 percent cut in spending for the unit that enforces HIPAA. The cut reflects improved efficiency at the HHS Office for Civil Rights, the budget proposal contends.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

Under the proposal, the Office for Civil Rights would spend $39 million in fiscal 2013, down from $41 million in fiscal 2012. It would also cut its staff by 4 percent to a total of 256.

"OCR instituted a number of process improvements and administrative efficiencies from FY 2002 through FY 2010, including improved staff skill sets and case management techniques," the HHS budget proposal notes. "Those improvements have made OCR more efficient," enabling the $2 million budget cut.

Leon Rodriguez took over as the new director of the office last September, pledging to continue to step up enforcement of the Health Insurance Portability and Accountability Act's privacy and security provisions and the HIPAA breach notification rule (see: New HIPAA Enforcer Pinpoints Priorities).

Adam Greene, a former OCR official who now is a partner in the law firm Davis Wright Tremaine LLC, questions whether the budget cut will have an impact on the office's investigations. "The HITECH Act added breach notification to OCR's workload. I have to imagine that, despite claims of improved efficiencies, the increasing load from the HITECH Act and the decreasing budget is going to have a real impact, such as longer delays during investigations," Greene says. "It will be interesting to see whether the budget reduction and the expressed interest in continuing the HIPAA audit program will lead to more aggressive pursuit of settlements or fines.

OCR recently launched a HIPAA compliance audit program for calendar year 2012 under a $9.2 million contract with the consulting firm KPMG. That expense is funded, for now, by the HITECH Act, part of the economic stimulus package.

The HITECH Act mandated that OCR make modifications to HIPAA privacy and security rules. Those proposed modifications, including applying the rules to business associates, were introduced in 2010. But a final version of the modifications is long overdue. The budget proposal notes: "OCR is in the final stages of the rulemaking process" for the HIPAA modifications. Also overdue is a final version of the HIPAA breach notification rule; an interim final version is now in effect.

An HHS semiannual regulatory agenda published in the Federal Register Feb. 13 does not list the HIPAA modifications nor the HIPAA breach notification rule among the regulations HHS expects to issue in the next six months. But an OCR official says a January "unified agenda" document, with far more details, shows a March target date for releasing those rules (see: March Target for HIPAA Modifications).

ONC Budget Growth

The HHS Office of the National Coordinator for Health Information Technology's budget would grow 8 percent to $66 million under the proposed 2013 budget. Staff would grow 11 percent to a total of 191. ONC coordinates the HITECH Act electronic health record incentive program. Separate from the annual HHS annual budget, the HITECH Act is providing up to $30 billion for EHR incentives, health information exchange development and other healthcare projects.

The FY 2013 budget says ONC will spend $5 million "to assure that policies and practices are in place to keep health information private and secure in a rapidly changing environment." Other major proposed expenditures include $12 million for standards and interoperability work designed to ease the exchange of health information, as well as $7.8 million for supporting EHR adoption, up $2 million from the previous year. That extra funding would "allow ONC to work with healthcare organizations and community organizations to share best practices to encourage adoption and meaningful use of health IT." It also would help support Regional Extension Centers, which are providing assistance to smaller organizations that are automating their records.

The HHS semiannual regulatory agenda published Feb. 13 indicates that a proposed rule setting guidelines for Stage 2 of the HITECH EHR incentive program is slated to be issued this month (see sequence number 130).


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.