You hear it over and over again. Covered Entity (CE) A failed to produce an ongoing risk assessment for HIPAA security compliance. CE B had an incomplete risk analysis, leading to a failure to recognize security weaknesses and vulnerabilities. And in come the fines.
Better late than never. This is what some healthcare professionals are likely saying about the delayed release of the fiscal year (FY) 2014 OIG Work Plan, which was due to be released in fall 2013 but did not make an appearance until January 2014.
The HITECH Act, which included changes to the HIPAA Privacy and Security Rules, was signed into law by President Obama in February 2009?a full five years ago.
When OCR resumes its HIPAA audits sometime this year, healthcare organizations can expect members of the audit team to focus on key issues identified by the federal agency.
Although the majority of the provisions of the HIPAA Omnibus Rule have become effective, many Breach Notification Rule revisions cause confusion for organizations.
