Results of Recent HIPAA Investigations

Results of Recent HIPAA Investigations

Posted by Amy Wood on Oct 20 2017, 11:05 AM

Results of Recent HIPAA Investigations

A few weeks ago I had the pleasure of attending a conference by OCR and NIST about HIPAA.  Among all my notes, this once section stood out -- current audit results from OCR.

Over the summer, OCR sent self assessment emails to Covered Entities.  So far, OCR has completed 166 of 803 audits.  We'll see the final results early next year.

The second part of the audit program is auditing Business Associates.  OCR is currently whittling down 20,000 potential Business Associates.  We'll keep up on this and let you know the results.

The things OCR was looking at closely were Risk Assessments, Risk Management Plans and Breach Notification Policies.

So far, they have had a lot of negligent offices.

A few items that were repeated incorrectly:

-Breach Notification letters were missing a date.

-Notice of Privacy Practices weren't current and missing Access Rights

-Website posting of Notice of Privacy Practices was not prominent.  Most were missing and those that were posted were hidden under Policy, Legal or Website Privacy Policy. 

Looking at this list is fairly frustrating, since they are pretty easy to do correctly.  I can only assume that the errors happened due to DIY compliance.


Share On

Leave A Reply

Please fill all the fields.

Talk to our experts

Start your journey to compliance by directly interacting with our experts. With extensive years of experience in making dental practices HIPAA Compliant, we provide everything from start to finish to make you compliant, safe, secure, and confident against data breach. Look no further, begin your training today by scheduling a class with our experts!