It’s no secret that HIPAA compliance enforcement has always been soft. The Office of Civil Rights (OCR) has pretty much allowed covered entities to be self-policing, reporting breaches voluntarily. But that’s about to change in a major way, with major consequences for your organization.
9,100 red flags
Last year the OCR expected to receive from healthcare entities around 100 voluntary reports of healthcare information breaches involving more than 500 individuals. But when more than 9,100 reports came in covering just 2010, it was time for proactive enforcement.
9.2 million reasons why you should care
The OCR has granted KPMG a $9.2 million contract to conduct audits of selected covered entities for compliance with the HIPAA legislation before December 31, 2012. This huge budget should tell you that these will be in-depth audits.
But what isn’t known is which entities will be audited and how deep within the group the audits will dig. Policies, practices and employee training will be under the microscope, as well as patient records, HR files, vendor contracts and employment applications related to the audited entities. In other words, these audits may affect organizations like yours.
What should you do?
It’s now more likely than ever that non-compliance in your organization will be caught and penalized with hefty fines, corrective action plans, media notification and ongoing monitoring. That means it’s time to review and test your policies and practices—honestly and objectively—to assess how well they meet the requirements of the applicable privacy laws. If they fall short, bring them into compliance immediately—and be able to prove it to auditors.
See the opportunity to improve.
There is a silver lining. The desire to preserve the status quo is one of the most powerful forces known to man, but sometimes forced change can drive great improvement. Depending on your current information management protocols, you may be able to save time and money—and above all, mitigate your risk exposure—through outsourced solutions with trusted, reputable firms. You also may need a partner to help develop training materials and implement a formal program. To find out more about what you need to do to protect yourself, request a free, in-office consultation with us.