The Office for Civil Rights, the enforcer of the HIPAA privacy and security rules, is asking for an increase of $5.6 million in its Fiscal Year 2012 budget proposal, mostly to adhere to HIPAA compliance and enforcement requirements.
Nearly half ($2.283 million) is needed because of OCR’s requirement to hire “regional privacy officers” who offer guidance and education to covered entities, business associates, and individuals regarding HIPAA privacy and security.
OCR is requesting another $1.335 million to help investigate HITECH breach reports. As of September, 30, 2010, OCR has received a total of 9,300 breach reports — 191 impact more than 500 individuals and 9,109 impact fewer than 500 individuals.
The numbers have increased since the report. As of Wednesday, March 16, 249 entities have reported breaches affecting 500 or more individuals to OCR.
OCR says it needs help investigating the small breaches. It needs additional full time equivalent employees and resources to “ensure it is able to conduct investigations of potential small- and mid-sized breaches.”
The new breach reports represent a 109% increase in OCR’s HIPAA workload – and they are in addition to the nearly 9,400 HIPAA privacy and security rule complaints that OCR received in FY 2010.
“Based on OCR’s current HIPAA case load, almost all breach reports that impact [fewer] than 500 individuals are not investigated,” OCR writes.