Ready or not, Phase 2 of OCR's HIPAA audit program is nearly ready to begin, and healthcare organizations and their business associates (BA) should be prepared to open their books to federal regulators.
The audit is intended as an educational tool, but if auditors discover serious noncompliance issues, they may request that OCR conduct an investigation to determine if enforcement action is necessary.
There are times when state privacy and security laws trump HIPAA, and healthcare organizations and their business associates (BA) should have a clear understanding of their compliance obligations in the midst of what can be a complex web of regulations.
If your organization experiences a data breach—an increasingly likely scenario—and PHI is exposed, chances are you will be hit with a lawsuit in short order.
There are compelling reasons you can use to make the case to company executives for a good data security program. It starts with return on investment calculations.