JOIN US FOR A COMPLIMENTARY WEBINAR SPONSORED BY WEDI
OCR’s Privacy, Security, and Breach Notification Compliance Audits Are Underway: Is Your Organization Prepared?
Wednesday, May 4th, 2016 2 PM - 3 PM US/Eastern
April 18, 2016. HIPAA Integrity recommends that you read the excellent April 11, 2016, Business Insurance article by Mark A. Hofmann entitled: “Cyber coverage seen as security incentive.” This article discusses concepts of “cyber insurance in risk management” presented at a recent U.S. House of Representatives Homeland Security Committee.
April 15, 2016. On April 1, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Resources (HHS) published on its Website the long-awaited Audit Protocol-Current, which describes its intent as:
April 15, 2016. On April 1, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Resources (HHS) published on its Website its Audit Pre-Screening Questionnaire. We covered in an earlier post OCR’s initial outreach to covered entities to acquire and verify contact information. Then, OCR explains: “Once entity contact information is obtained, a questionnaire designed to gather data about the size, type, and operations of potential auditees will be sent to covered entities and business associates. [These] data will be used with other information to develop pools of potential auditees for the purpose of making audit subject selections.
April 8, 2016. HIPAA Integrity recommends that you read the excellent April 6, 2016, Health Data Management article by Joseph Goedert entitled: “Cyber insurance gaps may surprise healthcare organizations.” This article is based on an interview with Collin Hite, a security expert with the law firm of Hirschler Fleischer in Richmond, VA.
April 7, 2016. HIPAA Integrity recommends that you read the March 28, 2016, Modern Healthcare article by Joseph Conn entitled: “HHS amps up vendor HIPAA audits,” which focuses on the role of business associates handling covered entity protected health information (PHI). The article notes that since the Office for Civil Rights (OCR) started posting breaches of medical records in September 2009, there have been 1,472 breaches posted, affecting just under 33 million individuals.
April 6, 2016. On March 21, 2016, the Office for Civil Rights (OCR) announced that its long-awaited compliance audit program is “currently underway” and “will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, security, and Breach Notification Rules.” All covered entities and business associates not currently under investigation for a complaint or breach are subject to selection for audit this year.
April 1, 2016. This week we have highlighted in our blog posts aspects of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) HIPAA Compliance Audit Program that OCR announced as underway on March 21, 2016. In this post, we want to highlight the potential financial consequences of being found non-compliant as a result of an audit. A measure of these potential financial consequences is drawn from four 2016 settlements with HIPAA safeguard violators as outlined in HHS press announcements: