Prepare for a Second Round of HIPAA Audits


Daniel Gottlieb warned provider organizations facing Office for Civil Rights (OCR) audits on compliance with HIPAA data security requirements that “OCR asks for a plan and timeline if they are doing an investigation. And if it’s out of date, that would be a flag that [providers] aren’t taking it seriously.” Mr. Gottlieb added, “You have to be really lucky to win the lottery and really unlucky to be one of providers selected for an audit,” but noted that “the bigger risk would be having a security breach, which would lead to an investigation.” Read the full article.