With the start of a new year, many organizations take a second look at their business and make necessary changes. 2015 is looking like a challenging year in terms of data security. The New Year brings back the Office of Civil Rights (OCR) HIPAA audits. Both HIPAA Covered Entities (CEs) and Business Associates (BAs) will need to prepare for a potential OCR audit. In addition, the data breaches that made headlines in 2014 will surely continue into 2015. Protecting data will be an issue that every organization will need to be concerned about.
HIPAA Audits and Fines
The HIPAA audits, which will occur in 2015, will only affect a small amount of organizations but marks the start of a permanent audit process. In addition, the audits will look at BAs for the first time. Organizations have to realize that the random audits are only one way that OCR may scrutinize your HIPAA compliance program. Other ways include data breaches, patient or employee HIPAA privacy complaints and breaches by downstream BAs to name a few.
OCR has vowed to leverage large fines on organizations that have data breaches and are found to be neglecting HIPAA safeguards. The process of making an example of an organization that is not complying with HIPAA safeguards seems to be in full force.
Preparing for HIPAA Audits
Below is some information to help organizations make sure they are prepared for an OCR audit as well as lower the chance of having a data breach.
(Click on the links below for more information)
- Are you a Business Associate?
- Have you performed a Risk Assessment?
- Have you provided HIPAA security training for all employees?
- Do you have written policies and procedures on how to protect patient information?
- Do you have an incident response plan?
- Do you have Business Associate Agreements with your subcontractors?
Free HIPAA Security Training!
All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.
Now it is easy to train your employees on protecting patient information!