Last week, the HHS Office for Civil Rights (OCR) announced the launch of phase 2 of the HIPAA Audit Program. OCR’s goal is to proactively uncover and address risks and vulnerabilities to protected health information (PHI). Effective immediately, OCR will ensure Covered Entities (CEs), their Business Associates (BAs) and vendors have comprehensive risk management frameworks in place.
CEs and BAs are required by law to implement the HIPAA security program and meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.
Friends, this is serious business. Earlier this month, North Memorial Health Care of Minnesota settled potential HIPAA violations with OCR for $1.55 million. Click to read OCR’s 3/16/16 press release.
Can you withstand a fine or settlement of this amount?
CEs and their business associates are protected with Aegify RSC Suite, or alternatively through a combination of Aegify Risk Manager, Aegify Security Manager, Aegify Compliance Manager and Aegify BA-Vendor Manager. It’s easy to get started. Contact firstname.lastname@example.org.
Click to read OCR’s 3/21/16 press release.