Are privacy and security laws being enforced effectively?
Under HIPAA, covered entities and their business associates can be selected for audit at random, even if no complaint has been filed against them and even if there has been no privacy incident or breach.
These HIPAA audits are conducted by the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). If an organization is found to be in violation of HIPAA, OCR can impose civil money penalties and require it to carry out a corrective action plan; knowing violations can also be referred to the Department of Justice for criminal prosecution.
In its pilot audit program, which ran in 2011 and 2012, OCR audited 115 organizations and found that 96% of them were not in compliance with at least one major provision of HIPAA. Furthermore, nearly half of the organizations audited had not completed a risk analysis, which the HIPAA Security Rule requires.
These findings are particularly troubling given the amount of sensitive patient data that healthcare organizations now collect and store. With the adoption of electronic health records (EHRs) and the growing use of wearable devices and mobile health apps, patient data is more accessible, and more exposed to breaches, than ever before.
To ensure that patient data is protected, healthcare organizations must take concrete steps to comply with HIPAA: conducting and documenting a risk analysis, implementing the administrative, physical, and technical safeguards the Security Rule calls for, and training their workforce on privacy and security procedures.
Healthcare organizations that fail to comply with HIPAA face steep fines and damage to their reputation. In addition, patients whose data is exposed in a breach may lose trust in the organization and take their care elsewhere.
By taking steps to ensure compliance with HIPAA, healthcare organizations can protect patient data and avoid potential penalties.
Read more on LinkedIn Pulse: https://www.linkedin.com/today/post/article/20141027041209-2259773-the-most-alarming-fact-of-the-hipaa-audits