Skip to content

No, Your Practice Hasn’t Been Overlooked by the OCR

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently published its HIPAA Audits Industry Report for 2016-2017. Although the review took a while to become available for public consumption, it should still serve as a reminder that the long OCR audit cycles should not instill companies with false confidence that their HIPAA violations will go unnoticed. Considering this report, it is more important now than ever to realize the impact that fines and punishments can have on non-compliant businesses.

A 3-Year Cycle Audit

Most law offices and other HIPAA compliant businesses saw the OCR report emerge and felt a sense of relief washing over them. However, it is essential to realize that the OCR audit is simply an industry-by-industry review of problems that have been discovered. So, what does it mean? The goal of the audit is to show places of weakness in the industry. That way, businesses can look at their setup and determine what places them at risk for the future.

To be clear, the long cycle of the OCR audits should not lull companies responsible for HIPAA information into complacency. The fact that it takes so long does not mean businesses should not stop looking for HIPAA violations within their walls. After all, the OCR audit is just a single way that a company could be found non-compliant.

To be clear, a long audit cycle does not mean:

  • No other audits are taking place on a company
  • Those common issues mentioned in the audit are the only ones that need attention

Why Your Business Needs to Remain HIPAA Compliant

What happens if a business becomes complacent and does not develop its HIPAA compliance? When a company gets caught violating HIPAA regulations, the resulting punishments can be severe. They include:

  • A minimum $50,000 and a maximum $250,000 fine for a willful violation of HIPAA
  • Restitution to the victims
  • Potential jail time depending on the case

Of course, there are provisions if an individual violated HIPAA due to a lack of training on the part of their company. These severe punishments are enough to individually impact the lives of workers and potentially sink a business.

How to Prepare: Your Company is Not Alone

Fortunately, companies that are counting on falling between an OCR audit’s cracks or simply lack the training to effectively implement HIPAA training in their workplace have options. Using managed service providers (MSPs), a company can hire field experts to audit their HIPAA compliance efforts. These MSPs can develop an action plan to help make a business compliant through training, software updates, and security.

7 Elements Of ComplianceNow is the time to start preparing for the next series of audits. While this year’s audit results might not be available for years to come, a company should always try to be proactive about protecting their customers’ information. Take initiative with this PDF featuring the Seven Fundamental Elements of an Effective Compliance Program.

Every business that interacts with HIPAA needs to be realistic about their capabilities and seek outside help if they cannot manage that responsibility. With such stiff penalties awaiting those who violate HIPAA, working to get in compliance now can prevent disaster down the road.

Click here to Schedule a Meeting with a consultant.

a close up of a radio with the time displayed

Why You Need a UPS in Your Network Equipment

Apart from securing your computer network against breaches, it is advisable to ensure that the network hardware is plugged into a UPS (uninterruptible power supply) system.

the word rules spelled with scrabble tiles

What Are The Three Rules of HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) lays out three rules for protecting patient health information, namely: The Privacy

wheel house it logo

Let's Start a Conversation

Fill out the form below and a member of our team will contact you within 10 minutes. (Mon-Fri 8am-6pm EST)

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Let's Start a Conversation

Rory from wheel house IT

Call (954) 474-2204, option 2 to speak with a representative.

Send us an email at

Or contact us by form below:

"*" indicates required fields

This field is for validation purposes and should be left unchanged.