OCR Director: ‘An ounce of prevention is a pound of cure’

Major breaches most often occur within organizations that lack comprehensive risk analyses, said Jocelyn Samuels, the new director of the Department of Health & Human Services’ Office for Civil Rights (OCR).

“That is why enforcement is a critical part of our arsenal of tools,” she told an audience at the joint conference of the National Institute of Standards and Technology and OCR, “Safeguarding Health Information: Building Assurance through HIPAA Security,” on Sept. 23.

“We need to see that covered entities take their obligations seriously,” she said, adding that some providers dread security. With some humor, she quoted a family physician from the early years of HIPAA as saying: “I would rather eat live cockroaches than learn about HIPAA security.”

Often covered entities do not approach security seriously until there is a significant risk that puts thousands of their patient records at risk and affects the organization’s reputation and the trust of patients, she said. “We are more than ever living in an environment of complex health security threats,” underscoring the need to implement strong security practices."

“An ounce of prevention is a pound of cure,” she said. Risk analysis and risk management practices are “cornerstone” to compliant platforms, and organizations must respond appropriately to incidents and mitigate harm to affected individuals. During an investigation following a breach, OCR analyzes what led to the breach and determines whether noncompliance played a part, she said.  

OCR and NIST “are here to support the industry and help them develop strategies,” she said, promising to work with covered entities now and into the future.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.