The pMD Blog

Welcome to the
pMD Blog...

where we cover interesting and relevant news, insights, events, and more related to the health care industry and pMD. Most importantly, this blog is a fun, engaging way to learn about developments in an ever-changing field that is heavily influenced by technology.

What to expect from the 2015 HIPAA Audits

2014 was beset by cyberattacks and health care privacy breaches (let’s not forget Sony’s recent escapade), so it’s no surprise that cybersecurity regulations will be heightened in 2015. Earlier this month Jocelyn Samuels, Director of the Office for Civil Rights (OCR) at the Department of Health and Human Services, addressed the severity of the current health care IT security issues:

“We are certainly seeing a rise in the number of individuals affected by hacking [and information technology] incidents, as reported by entities under our breach notification requirements, especially those due to malware compromising the security of information technology resources,” wrote Samuels. Samuels asserted the agency’s proactive HIPAA enforcement priorities for 2015 and increased focus on ePHI security.

Working with medical practices and physicians on a daily basis with charge capture, it surprises me how nonchalant many providers are when it comes to HIPAA-compliance with patient data. Their goal is to care for their patients, and seemingly tedious regulations are often ignored. But a new phase of HIPAA audits is about to take place among medical organizations and will make the regulations that much harder to ignore.

Initial HIPAA-compliance audits occurred in 2011 and 2012 to determine if health care organizations were in compliance with security regulations around health care data. The roll out of phase 2 of the HIPAA audits was delayed in 2014, but the audits are expected to start in early 2015. HIPAA regulations apply to covered health care organizations as well as their business associates; those that hold or access sensitive patient data on a regular basis are eligible. Organizations found in violation of HIPAA regulations during the audits could face financial penalties.

If you haven’t done so already, and we sure hope you have, now is the time to implement a robust HIPAA-compliance policy. This includes adopting HIPAA-compliant software such as secure messaging and other data encryption techniques. It’s important to also test your systems for vulnerabilities that can leave sensitive patient information susceptible to breaches and malware. If you were to undergo a HIPAA audit today, would you pass?

Additional information for HIPAA audits, such as timing, scope, and guidelines, will be posted on the OCR website in the coming months.
ACA Account Management ACI Advancing Care Information AHCA AHRQ AI Alternative Payment Model Android API Apple Artificial Intelligence Audit BCRA Best Place to Work Big Data BPCI BPTW Bundled Payments Care Communities care coordination Care Navigation CDC Charge Capture Charge Capture App Charge Capture Software Charge Capture Solution Charge Capture Statistics Charge Lag CHIP CIO Clinical Communication Clinical Data Registry Clinically integrated network CMS Company Culture Conferences Connected Health Record culture custom reports Customer Interaction Customers cybersecurity Developer DHHS EHR Electronic Charge Capture Encryption epidemic FDA FHIR Flu fundamentals Goals Health Care Health Care Technology Health Care Web Health Information Exchange Health Record Healthcare HIE HIPAA HIPAA-Compliant Hospital Census Hospital Communication IA ICD-10 ICD-11 Improvement Activities interoperability iOS iOS 8 iOS7 iPad iPhone iPhone 6 Lead Generation MACRA Medical Billing Medical Software Medicare Mentorship Messaging Messaging with Patients MGMA MIPS MIPS Registry mobile Mobile App Mobile Charge Capture Mobile EHR Mobile Health Mobile Messaging Mobile security Mobile Technology Modern Healthcare Native App news NIH OCM Oncology Care Model Patient Patient App Patient Care Patient Generated Health Data Patient Handoff Software Patient Information Patient Visits Patient-Centric pmd pMD Team population health Population Health Management PQRS Product Development Productivity QCDR Quality Scoring Recruiting Recruitment Reimbursement Remote Work reports Residents Responsibility Sales Secure Data Secure Messaging Secure Messaging Video Secure Text Messaging Security Audit SF Biz Times SOC 2 success support TCM Teamwork technology telehealth Text Messaging texting Travel Upgrades VA Value-based care Wearable Device Web App Work From Home