HIPAA Audits Begin as the OCR digs into BAA enforcement
In the lead-up to September 2013, we remember how frantic we were here at Mediprocity in the 60 days prior, making sure our technology was audited and ready for detailed investigation by the OCR (Office for Civil Rights), and how detail-oriented we were when it came to locking in our BAAs (Business Associate Agreements) and other documentation.
We were ready. We were ready for an audit, and we expected to see some sort of action within the market when it came to enforcement. What we found on the other side of September 2013 was silence. It was like preparing for a giant party: the venue was rented and decorated, all the invitations went out, and everyone on our team was dressed, but when we opened the front door to our grand event, only two people walked in out of the hundreds we invited.
In the party world they call that a total 'dud' of an event. That did not deter us; we knew the law was not about to be repealed, so we continued on. Over the past few years there have been a number of breaches reported, some larger than others, and the fines levied have been significant. This reminded us that the jokes about the HIPAA police coming were not to be taken lightly, and that they were indeed coming.
On March 22nd, 2016, the announcements hit the wire, with HealthLaw360.com putting out an article that the Federal march had begun. We knew that this was the year something was going to happen; we just didn't know when. Well, that day has arrived, and it was recently reported by McKnight's.
HHS.gov has released a FACT SHEET that everyone should read. These initial desk audits will be the 'probing' to see just how prepared your organization is when it comes to the Omnibus ruling. Keep in mind, September 2013 was not yesterday. If you have not prepared your organization by now, your excuses will be ignored. Be prepared.
The old sayings, "we just do not allow people to 'text' at work" or "we do not allow use of mobile devices," are not going to put you in a defensible position. How do you enforce that policy? How do you know with certainty that people are not texting and are adhering to your 'do not do it' policy? You need oversight, you need logging and metrics, you need encryption. This is a true mobile policy for HIPAA protection in the year 2016.
Mediprocity provides secure messaging and secure forms. We are an easy, turnkey system for your organization, and we are built for healthcare. Find out today how easy and affordable it is to not only protect your organization, but also improve your communication workflow!