Scoop – Top Targets in HIPAA Enforcement 2018

HIPAA enforcement continues in 2018. As Roger Severino, the Director of the Office for Civil Rights (OCR), said recently, there is “no slowdown in our enforcement efforts,” and the agency will continue with the “same enforcement mindset.” He added that smaller companies should not assume they are off the radar. You may be vulnerable.

So, what should you be looking out for? Are there particular targets of enforcement you should know about? We believe there are. An analysis of the HIPAA Audits and a review of recent HHS/OCR investigations reveal six top targets for both covered entities (CEs) and business associates (BAs). These are areas that CEs and BAs continue to miss and that continue to draw the attention of OCR. The conclusions and commentary by OCR in resolution agreements illustrate that its priorities will continue to focus on these six areas in 2018. Each targeted area, or vulnerability, is covered in The HIPAA E-Tool®.

  1. Risk Analysis – Risk Management

    • Failure to Manage Recognized Risk

    • Cyber Security

    • Software Security Updates & Patches

  2. Breach Notification Rule Compliance

    • Ransomware = Breach

  3. Individual’s Right of Access to PHI

  4. Covered Entities

    • Notice of Privacy Practices

  5. Compliance with Business Associate Requirements

    • For both CEs & BAs

  6. Proper Disposal of PHI/EPHI

NOTE: Each of these elements is thoroughly addressed in The HIPAA E-Tool® with easy-to-follow steps to compliance. One example is shown below: an illustration of the Risk Analysis – Risk Management Module, which guides the user through a three-step process to inventory data, equipment, workforce and business associates, and to assess and manage risks. All of it is saved to populate the Risk Management Plan and then archived for next year, so next year’s work won’t duplicate everything already created; only new information needs to be added.

No other HIPAA compliance solution is as complete or legally sound as The HIPAA E-Tool® and no other solution offers a separate and complete program designed specifically for business associates. 

Your best protection is proactive – act today.

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC
