April 1, 2016. This week we have highlighted in our blog posts aspects of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) HIPAA Compliance Audit Program that OCR announced as underway on March 21, 2016. In this post, we want to highlight the potential financial consequences of being found non-compliant as a result of an audit. A measure of these potential financial consequences is drawn from four 2016 settlements with HIPAA safeguard violators as outlined in HHS press announcements:
These are just snapshots from the past two months of the financial consequences of failing to comply with HIPAA/HITECH Act safeguard regulations. HIPAA Integrity recommends that you download and read the OCR resolution agreements and corrective action plans to get a complete picture of the violations and of the costly consequences beyond the financial penalties, in terms of time, human resources, and HHS-required reporting, so that you can achieve compliance before non-compliance is discovered in a compliance audit or a complaint or breach investigation.
Toward that end, make sure your documentation is in order before receiving a request to send policies and procedures to the Office for Civil Rights (OCR) for a desk audit. Note that in three of the four violations above, “policies and procedures” were mentioned as being absent or insufficient.
HIPAA Integrity can get your organization on the documented path to compliance today with its downloadable HIPAA Integrity Safeguard Compliance Tool Package (Version 3.0). This Package, with its written compliance tools, is designed for covered entities and business associates to document and successfully demonstrate safeguard compliance for either a desk or onsite audit. The HIPAA Integrity Safeguard Compliance Tool Package (Version 3.0) comprises an easy-to-follow tabular risk analysis template; 92 written generic safeguard policies and procedures that a covered entity or business associate must have in place and that can readily be tailored to its risk analysis findings; 22 authorization and maintenance forms accompanying safeguard procedures; and the safeguard training curriculum in five lessons with test questions for administration by Privacy and Security Officials to their workforce members. Each component of the package is linked via proprietary code and written in plain language. HIPAA Integrity also includes guidance, online-accessible authoritative references, and OCR audit protocols. HIPAA Integrity’s initial first-year membership, which includes any updates, is an affordable $499 ($449 through Sunday, April 3), and the Package is immediately downloadable after payment fulfillment. Purchasers have the option of renewing annually thereafter for $99, which includes any updates and version changes. Register for additional information and Package sample documentation. It is no April Fools’ joke that HIPAA Integrity is a much more cost-effective option than being selected for an OCR desk audit and found non-compliant, as the examples above clearly demonstrate.