If healthcare organizations take a lesson from Blue Cross Blue Shield of Tennessee's (BCBST) $1.5 million settlement for its 2009 HIPAA breach, it's that they should wake up and pay attention to where their ePHI is contained and stored, says Ali Pabrai, MSEE, CISSP, CSCS.
With 20 initial "trial" audits completed, OCR expects to move forward with another 95 audits to measure HIPAA compliance before year's end, said Susan McAndrew, JD, OCR's deputy director for health information privacy. This represents a reduction in the number of audits (150) that were originally planned for 2012.
Sure, you understand the value of investing in improvements that will better protect your organization's PHI. But do the senior leaders who actually hold the purse strings get it?
Each year HCPro's Revenue Cycle Institute reports on the experience of providers related to the Recovery Audit Program. This article is adapted from the 2011 Recovery Auditor Benchmarking Report, released in early 2012 and includes additional comparisons of provider experiences since 2009.
