[ Wednesday, February 20, 2013 ]
OCR to Focus Audits on Entities with Long-Standing Patterns of Non-Compliance
Jeff [8:14 PM]
. According to BNA
(subscription required), OCR will look for organizations with long histories of noncompliance, across all areas of the healthcare industry. Entities that can demonstrate efforts to create and nurture a "culture of compliance" will come out of audits looking good. Entities that violate HIPAA in ways that raise a high risk of data breaches (such as with mobile devices) will bear the brunt of OCR's enforcement activities, which will definitely be stepped up after publication of the Omnibus Rule. And if you don't have policies and procedures in place, you will pay penalties.
You have been warned.
Blogger: HIPAA Blog - Edit your Template