Skip to content

No, Your Practice Hasn’t Been Overlooked by the OCR

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently published its HIPAA Audits Industry Report for 2016-2017. Although the review took a while to become available for public consumption, it should still serve as a reminder that the long OCR audit cycles should not instill companies with false confidence that their HIPAA violations will go unnoticed. Considering this report, it is more important now than ever to realize the impact that fines and punishments can have on non-compliant businesses.

A 3-Year Cycle Audit

Most law offices and other HIPAA compliant businesses saw the OCR report emerge and felt a sense of relief washing over them. However, it is essential to realize that the OCR audit is simply an industry-by-industry review of problems that have been discovered. So, what does it mean? The goal of the audit is to show places of weakness in the industry. That way, businesses can look at their setup and determine what places them at risk for the future.

To be clear, the long cycle of the OCR audits should not lull companies responsible for HIPAA information into complacency. The fact that it takes so long does not mean businesses should not stop looking for HIPAA violations within their walls. After all, the OCR audit is just a single way that a company could be found non-compliant.

To be clear, a long audit cycle does not mean:

  • No other audits are taking place on a company
  • Those common issues mentioned in the audit are the only ones that need attention

Why Your Business Needs to Remain HIPAA Compliant

What happens if a business becomes complacent and does not develop its HIPAA compliance? When a company gets caught violating HIPAA regulations, the resulting punishments can be severe. They include:

  • A minimum $50,000 and a maximum $250,000 fine for a willful violation of HIPAA
  • Restitution to the victims
  • Potential jail time depending on the case

Of course, there are provisions if an individual violated HIPAA due to a lack of training on the part of their company. These severe punishments are enough to individually impact the lives of workers and potentially sink a business.

How to Prepare: Your Company is Not Alone

Fortunately, companies that are counting on falling between an OCR audit’s cracks or simply lack the training to effectively implement HIPAA training in their workplace have options. Using managed service providers (MSPs), a company can hire field experts to audit their HIPAA compliance efforts. These MSPs can develop an action plan to help make a business compliant through training, software updates, and security.

7 Elements Of ComplianceNow is the time to start preparing for the next series of audits. While this year’s audit results might not be available for years to come, a company should always try to be proactive about protecting their customers’ information. Take initiative with this PDF featuring the Seven Fundamental Elements of an Effective Compliance Program.

Every business that interacts with HIPAA needs to be realistic about their capabilities and seek outside help if they cannot manage that responsibility. With such stiff penalties awaiting those who violate HIPAA, working to get in compliance now can prevent disaster down the road.

Click here to Schedule a Meeting with a consultant.

a woman in a business suit is using a laptop

Reliable Network Monitoring Support

Reliable Network Monitoring Support Ensure network security and operational efficiency with robust network monitoring. A strong monitoring system is indispensable

a man holding a computer case with many wires

How to Protect Your Electronics Against Disaster

Know how to protect your business technology and electronics against natural disasters. It’s important for companies to develop a game plan that will ensure employees are able to communicate with others before, during, as well as after a natural disaster to keep the business running.

Let's Start a Conversation

Watch the video below and find out why you should fill out this form and start a conversation today.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.