Health care organizations must prepare for the next round of OCR audits or face harsh penalties.
This is according to LockPath, a provider of corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software.
“A recent survey found that only 58 percent of the medical practices polled had a HIPAA compliance plan. The remaining 42 percent either did not have a plan or were not aware if a plan exists. This could be bad news if randomly selected for an audit,” said the company.
When the second round of audits begins, providers can expect it to be more comprehensive and to carry harsher penalties, LockPath believes, with experts anticipating a wide range of fine amounts.
Geraldine Davis, Department of Health and Human Services' Office for Civil Rights (OCR) representative, said: "OCR will look at covered entities and business associates' risk analysis and risk management (the Security Rule), the content and timeliness of breach notifications (the Breach Notification Rule) and the notice of privacy practices and access rights (the Privacy Rule)."