Three steps to prepare for a HIPAA audit
What’s the bottom line?
A poor HIPAA audit outcome could initiate an OCR investigation that, in turn, can result in far more than fines and penalties.
While OCR stated that the findings from the planned 150 audits will not identify specific entities, follow-on compliance investigations are not likely to benefit from a similar degree of confidentiality.
Past enforcement actions were made public through press releases and web postings. With HITECH in force, poor outcomes have resulted in multimillion dollar fines and years of mandatory, external oversight of HIPAA privacy and security governance.
The potential brand damage and public embarrassment may well present the most significant risk. With such daunting consequences, CEs should approach these pending audits as a real and urgent business priority.
- Glen E. Day
+1 805 778 7030
- Reza Chapman
+1 602 369 4952