HIPAA violations are costing healthcare providers millions of dollars in fines, not to mention negative publicity and reputational damage. Yet lack of compliance among many healthcare providers persists, largely because HIPAA compliance can be a very complex process. HIPAA Privacy, Breach and Security Rules encompass hundreds of requirements and implementation specifications, all enforced by the Office for Civil Rights (OCR). Enforcement is strict and tenacious, and OCR is known to vigorously pursue any and all infractions. Moreover, the government does not consider ignorance of HIPAA law a defense. With literally millions of dollars at risk, can your organization really afford to ignore the legal and ethical responsibility of HIPAA compliance?
Healthcare providers are legally and ethically obligated to ensure patient privacy. And with the 2016 OCR audits currently underway, now is the time to ensure your organization is compliant with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules. This article will focus on best practices to ensure compliance with the Security Rule.
OCR’s 2016 Audit protocol encompasses 180 requirements and implementation specifications from HIPAA Privacy, Security and Breach Notification Rules. While the primary audit objective is to assess compliance of the HIPAA-regulated industry, a secondary objective is to discover industry-common vulnerabilities that have remained undetected during routine OCR complaint investigations and compliance reviews. Based on the broad scope of potential audit topics and on OCR’s staunch audit objectives, indications point to substantial failure rates.
The Office for Civil Rights (OCR) is currently auditing Covered Entities and Business Associates to assess compliance with HIPAA-mandated processes, controls, and policies. Organizations selected for an audit will have 10 business days to provide the requested audit information. Could your organization respond in 10 days?
The new HIPAA audits are currently underway, targeting healthcare organizations as well as Business Associates. Conducted by the Office for Civil Rights (OCR), the audits are intended to assess compliance of the HIPAA-regulated industry, with a focus on selected specifications of HIPAA Privacy, Security, and Breach Notification Rules. Every Covered Entity and Business Associate is eligible for an audit. So how will you know if your organization has been selected?
Will your organization face a HIPAA audit in 2016? If you are a Covered Entity or Business Associate, now is the time to test, analyze and remediate any vulnerabilities in your HIPAA Security, Privacy and Breach compliance. The Office for Civil Rights (OCR) has recently announced a new 2016 audit program targeting selected Covered Entities and Business Associates, with a protocol that could likely result in significant enforcement actions.
Healthcare organizations operating without a strong HIPAA compliance plan are playing a very risky game of Russian roulette. Now more than ever, the Office for Civil Rights (OCR) is serious about HIPAA enforcement, and expects full compliance with the requirements and implementation specifications of HIPAA Privacy, Security and Breach Notification Rules.
If you are a covered entity or business associate, the Office for Civil Rights (OCR) may have you in its crosshairs. In a recent interview, Deven McGraw, OCR’s Deputy Director of Health Information/Privacy, announced that the new audit protocol is completed and will be released in April, with random audits to follow shortly thereafter.