Ready or not, Phase 2 of OCR's HIPAA audit program is nearly ready to begin, and healthcare organizations and their business associates (BA) should be prepared to open their books to federal regulators.
1. The audit is intended as an educational tool, but if auditors discover serious noncompliance issues, they may request OCR conduct an investigation to determine if enforcement action is necessary.
Phase 2 of OCR's HIPAA audit program is coming down the pipeline, and although privacy and security officers are typically tasked with all things HIPAA, there's a seat at the table for HIM when it comes to preparing for audits.
There are compelling reasons with which to make a case to company executives of the benefits of a good data security program. It starts with return on investment calculations.
If your organization experiences a data breach—an increasingly likely scenario—and PHI is exposed, chances are you will be hit with a lawsuit in short order.
