850 West University Drive Suite B, Rochester, Michigan, 48307 248.234.4200

HIPAA Audit & Breach Incident Response

  • Home
  • HIPAA Audit & Breach Incident Response
[mp_row] [mp_span col="12"] [mp_text]

Data breaches and HIPAA audits are serious matters that require immediate attention. While every data breach is a problem, those that involve Protected Health Information (PHI) come with certain obligations under the HIPAA Breach Notification Rule and HITECH Act federal laws. A notice of HIPAA audit requires timely response to a request for information from the Department of Health & Human Services Office for Civil Rights (HHS OCR).  Time is of the essence in both cases to protect patients and your business.

[/mp_text] [/mp_span] [/mp_row] [mp_row] [mp_span col="12" classes=" motopress-space"] [mp_space] [/mp_span] [/mp_row] [mp_row] [mp_span col="12"] [mp_image id="1996" size="full" link_type="custom_url" link="#" target="false" align="left"] [/mp_span] [/mp_row] [mp_row] [mp_span col="12" classes=" motopress-space"] [mp_space] [/mp_span] [/mp_row] [mp_row] [mp_span col="6"] [mp_row_inner] [mp_span_inner col="12"] [mp_text]

HIPAA Audit

In a HIPAA audit, OCR will review your risk analysis & mitigation efforts, as well as your policies & procedures.  Documentation is critical. It’s not just what you’ve done that matters; it’s what you can prove you’ve done. There is a short window for response. And actions taken after the notice of audit likely won’t count.  The end result will likely be a negotiated monetary settlement plus a Corrective Action Plan (CAP).

[/mp_text] [/mp_span_inner] [/mp_row_inner] [mp_row_inner] [mp_span_inner col="12"] [mp_button text="Learn More" link="#" target="false" align="left" mp_style_classes="motopress-btn-color-silver motopress-btn-size-middle motopress-btn-rounded"] [/mp_span_inner] [/mp_row_inner] [/mp_span] [mp_span col="6"] [mp_row_inner] [mp_span_inner col="12"] [mp_text]

PHI Data Breach Incident

A PHI data breach incident will likely require an investigation into what caused the breach. This may require computer forensics which is usually expensive. It will also require mitigation including actions to prevent further loss of PHI and to minimize damage to patients resulting from the breach. Lastly, it will require notification to OCR, patients, and possibly the local media. And of course, there will be an OCR audit.

[/mp_text] [/mp_span_inner] [/mp_row_inner] [mp_row_inner] [mp_span_inner col="12"] [mp_button text="Learn More" link="#" target="false" align="left" mp_style_classes="motopress-btn-color-silver motopress-btn-size-middle motopress-btn-rounded"] [/mp_span_inner] [/mp_row_inner] [/mp_span] [/mp_row]