We are 3 days out from swearing in a new President. How will the administration change impact HIPAA in 2017? Most industry insiders struggle to forecast what President-elect Donald Trump will do upon taking office being that his position on health information privacy and security is not well known.
A New Direction of the Department of Health and Human Services (HHS)
The President-elect’s pick for the next Department of Health and Human Services secretary is a physician named Tom Price. As a member of the House of Representatives, Dr. Price has a history of supporting the development of emerging health information technologies. A critic of “burdensome regulations on healthcare providers,” he sponsored legislation to reduce reporting requirements for providers participating in HITECH Act’s Meaningful Use electronic health record incentive payment program
Additionally, Dr. Price is a staunch critic of the Affordable Care Act and has a legislation record including proposals to amend current HIPAA Privacy Rule restriction on health insurers providing employers who sponsor employee benefit programs with information about employee and family health insurance claims and treatment records.
Given his past history, it is not unsafe to say that Dr. Price may take the department down a different road in the coming years.
HHS Office for Civil Rights (OCR) Audit Protocol
After the “audit boom” of 2016 and seemingly continuous big healthcare data breaches, OCR sure was busy last year. 
So, what can we expect going forward? All indicators point to more of the same. Many speculate that OCR will sustain the ongoing HIPAA audits as part of the Phase 2 Audit Protocol but at a slower pace than last year. With nearly 1,800 breaches on the OCR “wall of shame” the need for close monitoring of protected health information continues to grow.
In 2016, OCR conducted approximately 225 desk audits shining a spotlight on covered entities (CE’s) and business associates (BA’s) alike. The audits took an in-depth look at the policies and procedures of each organization in respect to complying with the HIPAA Privacy, Security and Breach Notification Rules. It is clear the HIPAA audit program is here to stay however time will tell if the aggressive nature of the Phase 2 Audits will continue.
In terms of leadership within OCR, we will soon see a change. Current Director, Jocelyn Samuels will be stepping down before or around the time the President-elect takes office. At this point, it is not known who will replace her as the standing Director and when that individual will be announced.
