Scoop – Top Targets in HIPAA Enforcement 2018

HIPAA enforcement continues in 2018. As Roger Severino, the Director of the Office for Civil Rights (OCR) said recently there is “no slowdown in our enforcement efforts,” and the agency will continue with the “same enforcement mindset.” He added that smaller companies should not assume they are off the radar. You may be vulnerable.

So, what should you be looking out for? Are there particular targets of enforcement you should know about? We believe there are. An analysis of the HIPAA Audits, and a review of recent HHS/OCR investigations reveals six top targets for both covered entities and business associates. These are areas that continue to be missed by covered entities (CEs) and business associates (BAs) and continue to draw attention of OCR. The conclusions and commentary by OCR in resolution agreements illustrate their priorities will continue to focus on these six areas in 2018. Each targeted area, or vulnerability, is covered in The HIPAA E-Tool®. 

  1. Risk Analysis – Risk Management

    • Failure to Manage Recognized Risk

    • Cyber Security

    • Software Security Updates & Patches

  2. Breach Notification Rule Compliance

    • Ransomware = Breach

  3.  Individual’s Right of Access to PHI

  4. Covered Entities

    • Notice of Privacy Practices

  5. Compliance with Business Associate Requirements
    • For both CEs & BAs

  6. Proper Disposal of PHI/EPHI

NOTE: Each of these elements is thoroughly addressed in The HIPAA E-Tool® with easy to follow steps to compliance – one example is shown below – an illustration of the Risk Analysis – Risk Management Module that guides the user through a three step process to inventory data, equipment, workforce and business associates, and assess and manage risks. All of it is saved to populate the Risk Management Plan, and then archived for next year, so next year’s work won’t duplicate everything already created – only new information needs to be added. 

No other HIPAA compliance solution is as complete or legally sound as The HIPAA E-Tool® and no other solution offers a separate and complete program designed specifically for business associates. 

Your best protection is proactive – act today.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2021 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Powered by JEMSU

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free