As we’ve spoken about before, HIPAA audits are underway in 2012, which is causing some healthcare IT departments concern. According to an interview Govinfosecurity.com conducted with HIPAA lead enforcer Leon Rodriguez, there will be fewer than 150 audits performed this year. Currently, 20 audits are being conducted, and they are being used to ‘fine-tune’ the overall process. All the entities that will be audited are going to be notified in the next few weeks. All of this information is interesting, but even more interesting is something Rodriguez revealed to the website later in the interview.
According to Rodriguez, there’s a $2 million funding gap that will be covered by fines and penalties. Those fines and penalties could be used to increase enforcement action, so there doesn’t seem to be any reason to think that HIPAA audits are going to be short-lived. Right now there are no audits slated for 2013, but it appears they may continue past that date. Rodriguez said that if violations were found, it was reasonable to assume they would extend audits to 2013.
Perhaps less surprising was the news that KPMG (the company hired to do the audits) has been finding plenty of violations, including ones that could be easily rectified. These issues are not generally complex ones. They can be fundamental issues, like finding no evidence that the entity has ever performed a risk analysis, set any policies, implemented any procedures, or put adequate technical safeguards in place for its existing data. As we’ve attempted to outline in previous articles, these steps may not be as difficult as people believe if they contract with a competent security and compliance vendor who can solve their issue. Make sure to check out the whole article for the insights.
Check Out The New Videos On HIPAA
The HHS OCR also released videos on their YouTube channel that should be worthwhile for anyone interested in the subject. Your patient privacy rights are strong, and you should know them.
Check out the excellent video on how to comply with the HIPAA security rule. MostHost has the technology to help you comply easily.
At MostHost, our position is simple: if you have a HIPAA compliance problem, we’re here to help you solve it. We can demo our technology solution or give you a quote, if you fill out the form accessed by the link below.