Major Compliance Issues Found in Latest Audits
94% Failed Due to Lack of Risk Management Plan

OCR Senior Advisor, Linda Sanches, updated the attendees of this year's NIST/OCR Security Conference as to the findings of their recent audits. Very few of the practices passed with good grades. The limited audits focused on required postings and patient access to medical records. Most practices have not gotten the message: the OCR has imposed a new fee structure that replaces your state allowed fees. You can charge patients a flat fee of $6.50, to include postage, or charge patients based on your actual or average costs. If you charge actual costs you can include postage. In addition, the OCR audits showed that practices are not providing digital copies of medical records and are not educating patients as to their right to receive them. As you read this you are most likely hearing about it for the first time yourself.

Postings of your Notice of Privacy Practices in your office and on your web site were another weak area for the practices that were audited. HIPAA requires your Notice of Privacy Practices to be posted in your lobby and on your web site (Home Page), and it must be downloadable. You must also post your pricing for medical records in your office or on your web site. Don't forget your Nondiscrimination Notice for Section 1557, which must be posted on your web site and in your office as well.

Have questions? Call Michael McCoy at 813-892-4411.


Your biggest risk today is ransomware. New versions of this malware copy and steal your files, then release them on the internet if you fail to pay. The Tampa Bay Surgery Center was attacked by the Dark Overlord Gang. The Dark Overlord Gang demanded a ransom, which the Tampa Bay Surgery Center declined to pay, so the Dark Overlords released 25,000 patient records onto the internet. They stated on Twitter that the center "annoyed us" by not paying the ransom and that is why they released the records. Download our staff Ransomware Training Sheet here. Also get our Sample Phishing Email Training Sheet.

It is important to understand that any virus, malware or ransomware infection is a HIPAA Breach, and a Breach Risk Assessment must be performed to determine if it is a reportable breach. That raises the cost and productivity losses to your organization with any successful attack. Training and the Security Rule are your best defenses against malware, as most malware infections are a result of human error. Make sure you are taking all the precautions reasonable for your organization, which will include staff training on social engineering attacks, commercial grade firewalls, secure configurations, and audit logging & review. It all starts with a comprehensive risk assessment. You should use a qualified vendor if you have never performed a risk assessment. They will save you time and money and better prepare you for attacks and for recovering from malware.

Services Overview

HITECH Associates offers a complete line of HIPAA services to help you meet your requirements with affordable pricing. You can meet your obligation to protect patient privacy without spending thousands of dollars. Let us show and explain to you our HIPAA/HITECH products and services.

Contact Us

We are here to help you with all aspects of HIPAA compliance. Our rates are the best in the industry, our products are second to none, and our service is outstanding.

Address: 3905 Tampa Road, Ste 213
City, State: Oldsmar, Florida 34677
Phone: 813-892-4411
Fax: 877-667-5188
E-mail: mm@HipaaComplianceKit.com