[ Thursday, August 25, 2011 ]
OCR's Standard Response: In the event of a breach that involves noncompliance and some serious impact, you might still get a "resolution agreement" from OCR rather than a fine/penalty (assuming you cooperate, of course). However, according to
Theresa Defino at AIS, you should still expect to be requried to re-write your policies, retrain your employees, institute some serious monitoring, and pay out some cash.
Jeff [9:03 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template