1. The audit is intended as an educational tool, but if auditors discover serious noncompliance issues, they may request OCR conduct an investigation to determine if enforcement action is necessary.
Phase 2 of OCR's HIPAA audit program is coming down the pipeline, and although privacy and security officers are typically tasked with all things HIPAA, there's a seat at the table for HIM when it comes to preparing for audits.
There are compelling reasons with which to make a case to company executives of the benefits of a good data security program. It starts with return on investment calculations.
If your organization experiences a data breach—an increasingly likely scenario—and PHI is exposed, chances are you will be hit with a lawsuit in short order.
