So far in 2015, the Department of Health and Human Services Office for Civil Rights (OCR) has entered into six resolution agreements (RAs) with healthcare organizations, including three in the past couple of weeks! The most recent RA came with a hefty $750,000 fine! Resolution agreements usually include corrective action plans, fines, and regular reporting to the government. Infractions have included a lack of appropriate information security policies and procedures, breaches of ePHI, inappropriate disclosures, and inadequate risk assessments, to name a few.
How well equipped is your organization to handle a HIPAA audit or breach notification to the OCR?