Three steps to prepare for a HIPAA audit
How does it affect you?
Under the new HITECH provisions, sanctions for non-compliance are substantial and include tiered fines with a potential maximum of $1.5 million per identical violation per year.
- Civil actions are now possible
Under the HITECH Act, State Attorneys General can now bring civil actions to enforce HIPAA. Similarly, the Department of Justice is also empowered to enforce HIPAA where criminal activity is suspected.
- Remediation opportunity
If an audit deficiency is discovered, CEs will have 10 days prior to finalizing the audit report to discuss concerns and describe corrective actions implemented to address issues identified.
However, if they are not already substantially HIPAA-compliant, remediation may not be possible to avert fines or sanctions.