A November 21, 2013 report published by the Office of the Inspector General (OIG) concluded that The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is not fully enforcing the HIPAA Security Rule and laid out recommendations for the OCR to implement. The OIG’s report also concluded separately that OCR is not in full compliance with the cybersecurity requirements in the National Institute of Standards and Technology (NIST) Risk Management Framework, to which OCR responded describing the actions it has taken since May 2011 in regards to OIG concerns.
Click here to read more on our sister blog, Life Sciences Legal Update.