Compliance with the HIPAA regulations is not a discrete task, but rather an ongoing process. Many organizations, however, understandably struggle to remain current with changes in the law and changes in their organization. As a result, many organizations have one, if not many, compliance threats—a vulnerability that may trigger a government investigation and resulting liability.
The U.S. Department of Health & Human Services continues to investigate complaints and audit HIPAA covered entities and business associates. In the last two decades, the government has received and resolved over 200,000 complaints and a majority of its HIPAA investigations every year have resulted in corrective action against the entity or business associate.1 A list of the hundreds of current active investigations is available on the website for the Office for Civil Rights.2
HIPAA not only requires that covered health care providers and their business associates implement compliant policies and procedures, but also requires that they undertake an ongoing process of ensuring that protected health information is protected from new threats, changes in business practices, and changes in facilities and organization, among other things.
If you do not regularly undertake an analysis of your organization’s HIPAA policies and related practices, and how they are affected by changes to your organization, updates may be necessary to bring your organization back into compliance.
The P&F Solution
It is common for organizations to have gaps in their compliance—topics that were never adequately covered by compliance policies and procedures, or topics that, through time and change, have become sources of risk and noncompliance.
The attorneys at Pullano & Farrow have decades of experience preparing HIPAA compliant policies and procedures and reviewing existing policies and practices for necessary changes. Our attorneys will efficiently and thoroughly review your current policies, procedures, and practices and provide you with a detailed summary of areas where improvement is needed, guide you in how to implement those improvements, and provide you with any written policies and procedures your organization needs to bring it into compliance.