The feds are coming, and they might be coming for you.
That’s right, the federal regulators overseeing the healthcare industry in the United States are ramping up their HIPAA enforcement activities including their soon-to-be-relaunched COMPLIANCE AUDITS. The feds want medical clinics and business associates to heed this warning. Conduct your risk analysis and assessments or face the consequences.
A whopping two-thirds of organizations audited under HIPAA did not conduct a risk assessment according to OCR senior adviser, Linda Sanches. That’s a huge number of organizations falling short of their compliance requirements, and it won’t be long until the penalties start raining down.
Jocelyn Samuels, the director of the Department of Health and Human Services, made her stance very clear in her first public appearance since taking on the job as the country’s top HIPAA muscle: Conduct your risk assessments as required under the HIPAA rules to mitigate risks and avoid breaches.
Samuels said, “We continue to see a lack of comprehensive and enterprise-wide risk analysis and risk management that leads to major breaches and other compliance problems.” Samuels’ strong-arm approach of enforcement is a key mechanism of her strategy to ensure compliance with HIPAA. This also includes business associates who work in the medical industry.
How can your clinic or business prevent hefty fines for non-compliance?
Business Associates: You Can No Longer Hide!
The next phase of HIPAA compliance audits will include you. Organizations will be chosen in the near future as part of the next volley of routine check-ins by the OCR.
Not chosen? Don’t celebrate just yet. If a breach occurs, your organization may be identified throughout the investigate process, and you could still find yourself liable for damages.
Be Forewarned: Conduct your Risk Assessment now. Failure to conduct a risk assessment could lead to large fines if a breach occurs and it is traced back to your organization. Don’t leave your practice and livelihood endangered because you decided a risk assessment wasn’t worth it.
Are you a medical clinic or business associate and not sure where to turn? Contact our team of medical IT professionals today. We will sit down with you and discuss how your organization can prepare today and what to watch out for in the future. We will also conduct a full HIPAA risk assessment or risk analysis to make sure any potential pitfalls are cleared up.