"Does HHS really expect any of these entities to say that they didn't improve their HIPAA compliance as a result of the HIPAA audit?"

http://www.fierceemr.com/story/hipaa-ocr-hhs-stakeholders-need-double-ehr-security/2013-03-19

Stakeholders must double up on EHR security

March 21, 2013 | By Marla Durben Hirsch

"But the kicker is the last survey question, which asks the entities to "assess whether improvements in HIPAA compliance were achieved as a result of the audit program."

Does HHS really expect any of these entities to say that they didn't improve their HIPAA compliance as a result of the HIPAA audit? These entities unlucky enough to have been subjects of the audit have had all of their HIPAA privacy and security violations exposed to the government. They are low-hanging fruit should OCR opt to impose penalties, since the investigations have been completed. The best strategy they can take is to say that they've learned their lesson and now effectively are protecting their patients' data."

Read more: Stakeholders must double up on EHR security - FierceEMR http://www.fierceemr.com/story/hipaa-ocr-hhs-stakeholders-need-double-ehr-security/2013-03-19#ixzz2ODaAbARc
Subscribe: http://www.fierceemr.com/signup?sourceform=Viral-Tynt-FierceEMR-FierceEMR