Scoop - Top Targets in HIPAA Enforcement 2018

pexels-photo-695266.jpg

HIPAA enforcement continues in 2018. As Roger Severino, the Director of the Office for Civil Rights (OCR) said recently there is "no slowdown in our enforcement efforts," and the agency will continue with the "same enforcement mindset." He added that smaller companies should not assume they are off the radar. You may be vulnerable.

So, what should you be looking out for? Are there particular targets of enforcement you should know about? We believe there are. An analysis of the HIPAA Audits, and a review of recent HHS/OCR investigations reveals six top targets for both covered entities and business associates. These are areas that continue to be missed by covered entities (CEs) and business associates (BAs) and continue to draw attention of OCR. The conclusions and commentary by OCR in resolution agreements illustrate their priorities will continue to focus on these six areas in 2018. Each targeted area, or vulnerability, is covered in The HIPAA E-Tool®. 

  1. Risk Analysis – Risk Management

    • Failure to Manage Recognized Risk

    • Cyber Security

    • Software Security Updates & Patches

  2. Breach Notification Rule Compliance

    • Ransomware = Breach

  3.  Individual’s Right of Access to PHI

  4. Covered Entities

    • Notice of Privacy Practices

  5. Compliance with Business Associate Requirements
    • For both CEs & BAs

  6. Proper Disposal of PHI/EPHI

NOTE: Each of these elements is thoroughly addressed in The HIPAA E-Tool® with easy to follow steps to compliance - one example is shown below - an illustration of the Risk Analysis - Risk Management Module that guides the user through a three step process to inventory data, equipment, workforce and business associates, and assess and manage risks. All of it is saved to populate the Risk Management Plan, and then archived for next year, so next year's work won't duplicate everything already created - only new information needs to be added. 

Screen Shot 2018-03-14 at 7.24.33 PM.png

No other HIPAA compliance solution is as complete or legally sound as The HIPAA E-Tool® and no other solution offers a separate and complete program designed specifically for business associates. 

Your best protection is proactive – act today.