The HIPAA privacy & security rule requires covered entities, including health care providers and health plans, and their business associates to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by the covered entity or business associate. Many compliance plans require this assessment on an annual or periodic basis. If it has been more than a year since your organization conducted a HIPAA risk assessment, a review of recent enforcement activity by the office for civil rights (OCR) indicates that now may be the time to do so.
OCR issued several new guidance documents and launched phase 2 of its HIPAA audit program. It has announced a new initiative to more widely investigate breaches of PHI. According to its website, Office for Civil Rights entered into 12 settlement agreements with health care providers, plans and business associates for breach of the HIPAA privacy and security rules in 2016. OCR levied $23.51 million in fines for HIPAA violations in 2016. However, it has levied only $6.19 million in 2015 and $7.94 million in 2014. Unending the trend, OCR has already exceeded its 2014 and 2015 totals in the first two months of 2017, including the second largest fine to date, resulting in civil money penalties totaling $11.375 million so far this year.
Telegenisys recently announced that its operations have been audited for and received certifications for ISO 9001:2015 and ISO 27001:2005 and HIPAA compliance and is committed to securing client data to the highest standards. Know more