HIPAA Audits

Meticulous Research released a market research report “Healthcare Cybersecurity Market”, that indicated a number that anyone in healthcare would want to be aware of. They expect that by 2027 – which sounds far off but is NOT – the cybersecurity market within healthcare will reach $26.1billion with a compound annual growth rate (CAGR) of 19.8% …

While the world is moving to electronic storage as a standard, there are still physical documents within healthcare that need to be protected and fall under HIPAA regulations.  Let’s take a look at how that should be handled. As paper can pile up, how long do you have to store HIPAA documents?  And what do …

Hello, HIPAA The Health Insurance Portability and Accountability Act, better know as HIPAA, was passed by Congress in 1996 and called for the protection and confidential handling of protected health information (PHI). HIPAA still exists today, aiming to protect patients and their information, but it’s important to think about how far we’ve come in the …

Malicious cyberattacks are increasing every day around the globe. In fact, cyber-incidents nearly doubled from 82,000 incidents in 2016, to 159,700 in 2017. While the media often depicts large corporations as the primary target for cyberattacks, small business are just as likely – if not more likely to be targeted. An article on CSO looks …

This article was written by Matt Fisher and originally appeared on the Mirick O’Connell Health Law Blog.  It is published here with permission. At some point in time most group practices, hospitals or other provider organizations will receive a letter from the Office for Civil Rights (“OCR”). The letter will state that OCR received a …

Deven McGraw, deputy director of the Department of Health and Human Services’ Office for Civil Rights has announced that the department’s plans for initiating onsite audits is currently on hold and will remain so until more than 200 desk audits have been completed.  An article over on Data Breach Today gives us great detail on …

  In a cruel twist of fate, health care entities are being phished using an OCR (HHS Office of Civil Rights) email as the bait.  Here is the context:  HHS/OCR is the governmental entity in charge of enforcing the HIPAA statutes.  Back in May, we reported that OCR had started sending emails to Covered Entities …

Back in March, we reported that OCR had announced its Phase 2 Audit Program. When we last heard from OCR about Phase 2 HIPAA Audits, we saw that emails were being sent to Covered Entities and Business Associates.  The purpose of the emails was to verify and expand the OCR HIPAA audit pool.  We wrote …

HIPAA Secure Now! President and CEO writes an article for Physicians Practice called: Don’t Let HIPAA Audits, Ransomware Sink Your Practice At the same time medical practices are faced with the increased likelihood of a HIPAA audit, hackers hover around waiting to steal patients’ personal data and/or hold it hostage through ransomware scams. These practices …

Back in March, we reported that OCR had announced its Phase 2 Audit Program.   OCR stated that they would compile a database of both Covered Entities and Business Associates to form the basis of the pool of organizations potentially targeted for audit.  They have followed up on their intentions and in the last week organizations …

Watch HSN CEO discuss the next round of HIPAA Audits

Background Although HIPAA is an important set of laws passed to protect the sensitive medical information handled by millions of covered entities and business associates, Health and Human Services Office for Civil Rights (OCR) has never established a permanent compliance audit program.   Auditing activity to date by OCR has consisted of a pilot program of …