Why HIPAA Enforcement Will Get Stronger In 2016

In our last post, we reminded the followers of this blog that for the last couple of years we’ve been expecting many more HIPAA audits from the Office of Inspector General (OIG). In fact we are sure they are heading our way. I’m not just talking about covered entities (CE), I’m also talking about business associates (BA).

So why will HIPAA enforcement get stronger in 2016? In this post we cite the findings published by the HCCA Compliance Institute, presented by Linda Sanchez, MPH, Senior Advisor, Health Information Privacy.

She presented some very interesting Phase 2 audit goals and what you can expect if you are audited. You can read them here.

The bottom line is this:

If you’re a covered entity or a business associate, you should know that of the 550 to 800 entities that received pre-audit surveys last June, it is estimated that sometime in 2016:

  • 350 will be selected for an audit.
  • OCR’s own staff will conduct the audits.
  • The audits will be a combination of desk audits (conducted by phone), which follow up on the survey and on issues that may have been identified previously, and onsite audits.
  • They will be measuring security, breach and privacy compliance.
  • Additionally, your business associates can be part of that audit.

This is the “top level” of the scope of these Phase 2 audits.

For all of us business associates who support the healthcare profession, this is very important.

Why is it so important?

In case you haven’t heard the latest news from the Department of Health and Human Services, posted March 16, 2016, at hhs.gov:
“North Memorial Health Care of Minnesota has agreed to pay $1,550,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to enter into a business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information.”

Under law, $1,500,000.00 is the highest fine that can be levied. This should be a wakeup call regarding the importance of Business Associate Agreements (BAA) with the covered entities we support.

In our next post we’ll discuss: Why Covered Entities Should Prioritize a Security Risk Analysis

Achieve, Illustrate and Maintain Compliance

From personal experience, we can attest to this fact: Achieving, Illustrating to an auditor and Maintaining regulatory compliance is costly and time consuming. There is no doubt about this. But non-compliance can prove even more costly if you ignore it and fail an audit.

Under the HIPAA/HITECH Omnibus Rule, fines from the OCR now range from $100.00 up to $1,500,000.00, depending on how an organization responds to the auditor, who requires visible, demonstrable evidence of compliance.

DTS InfoTech Can Help

Many health care providers are not HIPAA compliant. If this describes you, we can help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliance.

For more information: www.dtsinfotech.com/hipaa-compliance-for-small-health-care-practices-2/

Dedicated to your success,

Wally Moore
General Manager and Compliance Officer
dts|infotech . . . computer networks that work