Can your Organization Afford to be Fined for HIPAA Violations?

HIPAA violations are costing healthcare providers millions of dollars in fines, not to mention negative publicity and reputational damage.  Yet lack of compliance among many healthcare providers persists, largely because HIPAA compliance can be a very complex process.  HIPAA Privacy, Breach and Security Rules encompass hundreds of requirements and implementation specifications, all enforced by the Office for Civil Rights (OCR).  Enforcement is strict and tenacious, and OCR is known to vigorously pursue any and all infractions.  Moreover, the government does not consider ignorance of HIPAA law a defense. With literally millions of dollars at risk, can your organization really afford to ignore the legal and ethical responsibility of HIPAA compliance? 

In OCR Random Audits

OCR Audit Readiness-HIPAA Security Rule

Healthcare Providers are legally and ethically obligated to ensure patient privacy. And with the 2016 OCR audits currently underway, now is the time to ensure your organization is compliant with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules. This article will focus on best practices to ensure compliance with the Security Rule.

In OCR Random Audits

OCR Audit Readiness-HIPAA Privacy and Breach Rules

OCR’s 2016 Audit protocol encompasses 180 requirements and implementation specifications from HIPAA Privacy, Security and Breach Notification Rules. While the primary audit objective is to assess compliance of the HIPAA regulated industry, a secondary objective is to discover industry-common vulnerabilities that have remained undetected during routine OCR complaint investigations and compliance reviews. Based on the broad scope of potential audit topics and on OCR’s stanch audit objectives, indications point to substantial failure rates.

In OCR Random Audits

Could Your Organization be Ready in 10 Days for an OCR HIPAA Audit?

The Office for Civil Rights (OCR) is currently auditing Covered Entities and Business Associates to assess compliance with HIPAA mandated processes, controls, and policies. Organizations selected for an audit will have 10 business days to provide the requested audit information.  Could your organization respond in 10 days?

In OCR Random Audits

2016 HIPAA Audit Selection Process

The new HIPAA audits are currently underway, targeting healthcare organizations as well as Business Associates.  Conducted by the Office for Civil Rights (OCR), the audits are intended to assess compliance of the HIPAA regulated industry, with a focus on selected specifications of HIPAA Privacy, Security, and Breach Notification Rules. Every Covered Entity and Business Associate is eligible for an audit. So how will you know if your organization has been selected?

In OCR Random Audits

OCR HIPAA Audit Protocol

Will your organization face a HIPAA audit in 2016?  If you are a Covered Entity or Business Associate, now is the time to test, analyze and remediate any vulnerabilities in your HIPAA Security, Privacy and Breach compliance. The Office for Civil Rights (OCR) has recently announced a new 2016 audit program targeting selected Covered Entities and Business Associates, with protocol that could likely result in significant enforcement actions.

In OCR Random Audits