December 8, 2015

    Upcoming Increased Enforcements in HIPAA for 2016

    In a world where data breaches are happening at an alarming frequency, the protection of medical data and other important types of health information is an absolute must. According to two recent reports (one issued by the Office of the Inspector General and the other by the Office for Civil Rights), a permanent audit program should be implemented to help groups strengthen their follow-up procedures in the aftermath of these types of events.

    What You Need to Know About Upcoming HIPAA Enforcements


    2016 HIPAA Audits

    Coming on the heels of these reports is the announcement that a second round of HIPAA compliance audits will take place starting in early 2016. In May of 2015, the Office for Civil Rights sent out a series of pre-audit screening surveys to all entities that could potentially be selected for this second round. A vendor for the audits, FCi Federal, has already been selected.


    Are Settlements on the Horizon?

    According to some, the 2016 HIPAA audits will likely result in a series of financial settlements for companies that have not maintained the level of compliance that was previously expected. This highlights a key difference from the HIPAA pilot audit program, originally launched in 2011. That program was designed more from an educational perspective, providing entities with detailed information about what being HIPAA compliant actually entailed. The 2016 HIPAA audit program, on the other hand, is designed to make sure that organizations are actually maintaining that compliance, and as a result, financial settlements and enforcement actions should be expected for those that aren't.

    The logic behind this decision is simple. The working theory is that, since the original 2011 audits, organizations have had more than enough time to take the steps needed to achieve and maintain HIPAA compliance with respect to cyber security in the increasingly digital world in which we now live. Organizations have not only been informed of exactly what was expected of them, but have also had more than enough time to make any internal or external changes necessary to bring them up to speed.

    Also of note is that the Office for Civil Rights can now track entities' data breach reports going back a number of years, including breaches that were previously seen as "low scale", meaning those that affected fewer than 500 different people at one time. With this information, the upcoming audits will allow OCR representatives to get a clearer picture of the history of compliance within an organization, which will no doubt also be used when it comes to things like regulatory action moving forward.

     


    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.
