Historically, HIPAA enforcement has focused predominantly on the failure of covered entities to keep protected health information (PHI) private and secure; but now the scope is broadening to encompass keeping PHI too private and too secure. The HHS Office for Civil Rights (OCR), the agency that enforces HIPAA rules, has broken new ground by fining a Florida hospital for failing to provide access to PHI to the individual it relates to. Here’s a look at the case and what it portends about the new direction in HIPAA enforcement. The HIPAA Right of Access When you hear the term “HIPAA Privacy Rule,” the first thing likely to jump into your mind is the obligation to keep PHI secure and refrain from disclosing it to third parties without appropriate authorization. But there’s… . . . read more.