The Office for Civil Rights (OCR) conducts investigations of healthcare organizations, which can be triggered by a security incident or breach, a patient or resident complaint, or a whistleblower. The investigations are meant to ensure full compliance with the requirements and implementation specifications of the HIPAA Privacy, Security and Breach Notification Rules. OCR has investigated over 26,000 cases; in the cases where a penalty was imposed, it averaged $1,579,715.11.
Every Covered Entity and Business Associate is eligible for investigation. The primary objective is to assess compliance across the HIPAA-regulated industry while focusing on selected specifications of the HIPAA Privacy, Security, and Breach Notification Rules.
OCR published an audit protocol that encompasses the requirements and implementation specifications of the HIPAA Privacy, Security and Breach Notification Rules. Included in the protocol are:
- 89 Privacy requirements;
- 72 Security requirements; and
- 19 Breach Reporting requirements.
Based on the type of Covered Entity or Business Associate selected for investigation, OCR starts by requesting a copy of your policies and procedures in the area of investigation.
Make sure you have the proper protocols in place to ensure OCR compliance and expertly handle OCR investigations. If you don’t think that OCR will investigate, then ask the 35,995 organizations about when they were investigated.