HIPAA Secure Now! President and CEO writes an article for Physicians Practice called:
Don’t Let HIPAA Audits, Ransomware Sink Your Practice
At the same time medical practices are faced with the increased likelihood of a HIPAA audit, hackers hover around waiting to steal patients’ personal data and/or hold it hostage through ransomware scams. These practices could easily sink in the perfect storm created by the confluence of these twin threats — especially if they are weighed down with tens of thousands of unsecured patients’ records.
Though they may have ignored earlier warning signs, medical practices should not be surprised by the escalating risk of being saddled with a HIPAA compliance audit. During the 2011 Phase 1 round of audits, the Office of Civil Rights (OCR) in the Department of Health and Human Services (HHS) found a significant percentage of medical entities had not performed a comprehensive security risk assessment.
On top of that, the Office of the Inspector General criticized OCR for not investigating a sufficient number of small data breaches or tracking all healthcare organizations found to be violating federal privacy laws —criticisms that could prompt stricter enforcement and steeper fines