We received news last week that HIPAA audits originally set to begin in late 2014 are going to remain on hold indefinitely.
It is unclear why the audits have again been postponed or what this means for enforcement. But I would stress to our clients and readers that this only lessens your company’s risk of an audit (which was realistically low anyway). This certainly does not lessen your risk of a data breach or security incident in 2015 – which many experts content is virtually assured to happen.
Of course I know that, without the threat of audit or enforcement action, many organizations will take their foot off the security pedal. This would be naïve. The intent of HIPAA regulations is to help protect patient information but, ultimately, also to protect healthcare organizations from the fallout of a breach.
Don’t let your security focus wane with less regulatory pressure. You only need to look at constant security incidents and healthcare data breaches in the news every day to find motivation enough to protect your organization and your data.
If your company suffers a breach for which you were ill prepared, you will likely wish you could trade that experience (and the potential fines and other consequences) for an OCR audit.
Your organization’s greatest threat is not an audit. Contact our security experts today to keep your organization and your data safe from the real threats you may face in 2015.