OCR Audit Prep Services
The Office for Civil Rights (OCR) conducts investigations of health care organizations triggered by a security incident or breach, a patient or resident complaint, or a whistleblower. To ensure full compliance with the implementation specifications and requirements of the HIPAA Privacy, Security and Breach Notification Rules, OCR has investigated over 26,000 cases, with imposed penalties averaging more than $1.57 million.
Every covered entity and business associate is investigation-eligible. The primary objective is to assess the HIPAA-regulated industry’s compliance while focusing on selected specifications of HIPAA Privacy, Security and Breach Notification Rules.
OCR published an audit protocol that encompasses requirements and implementation specifications from HIPAA Privacy, Security and Breach Notification Rules. The protocol includes the following:
- 89 Privacy requirements
- 72 Security requirements
- 19 OCR Breach Reporting requirements
Depending on the type of business associate or covered entity selected for investigation, OCR starts by requesting a copy of your policies and procedures that are under scrutiny.
Implement the proper protocols to ensure OCR compliance and expertly handle OCR investigations. If you don’t think OCR will investigate, ask other organizations about when they were under investigation.
Avoid Costly Fees
If your organization commits a HIPAA violation or breach, you may be subject to hefty fines and settlements. OCR has imposed a penalty or reached a settlement in 55 cases, totaling more than $78 million. OCR has received more than 184,000 HIPAA complaints and initiated more than 900 compliance reviews.
The following are typically the most significant compliance offenders:
- Health plans
- General hospitals
- Outpatient facilities
- Private physicians and practices
Penalties for civil HIPAA violations can range up to $50,000, though the annual maximum for repeat violations can be much higher.