Since 2011, the Office for Civil Rights (OCR) has been auditing healthcare providers and business associates to determine overall compliance with HIPAA’s privacy and security laws. At a recent HIPAA security conference, OCR Director Roger Severino announced that future efforts will focus on enforcement, and upcoming audits will use harsher investigative tools to hold bad actors accountable, according to a recent article on EIN Presswire.
Many practices and business associates have yet to implement the safeguards required under HIPAA. Enforcement against non-compliant offenders may include subpoenas, legal action, reimbursements to victims and penalties. Additionally, Bloomberg Law recently reported that OCR has been ratcheting up enforcement actions over the past three years, and as random HIPAA audits occur, increased penalties will most likely result.
Under the HIPAA Notification Rule, covered entities that experience a HIPAA data breach must self-report the breach to HHS. Some practices aren’t aware of the rules, so audits will help with compliance and overall enforcement. Penalties are no longer immaterial. Average fines range from $100 to $50,000 per HIPAA violation, and are capped at $1.5 million per year.
HIPAA compliance must be addressed continuously. Ongoing monitoring and periodic risk scans are advisable best practices, as threats can occur at any time. For more information on establishing an ongoing HIPAA compliance program for your medical practice, contact HIPAAcraticRx.