HIPAA enforcement is here. Million dollar HIPAA settlements and the commencement of the Office for Civil Rights (OCR) HIPAA Audit Program sound a call to the industry to revisit our performance against the HIPAA Privacy and Security Rules, as well as the HITECH Breach Notification Interim Final Rule. Random audits are underway and OCR has made clear that it is stepping up its enforcement efforts.
For those organizations that have attested for meaningful use, the Center for Medicare and Medicaid Services (CMS) is readying its audit program. A provider being found deficient on a measure as part of a Meaningful Use audit may have the chance to re-create a report documenting proof, if appropriate. However, being found deficient on any one measure does translate into non-compliance. The prospective penalty? CMS could elect to recoup the provider’s entire stimulus for the reporting period in question.
CynergisTek and Davis Wright Tremaine have teamed to offer a unique portfolio of solutions and legal services in order to improve clients’ privacy and security programs and prepare them for these audits and the new era of heightened enforcement. CynergisTek’s experience working with one of the “First 20” organizations selected for the OCR audit, from their initial notification through the development of their response to KPMG’s report of findings, sets us apart from our industry peers. We are not guessing. We have direct experience that has informed all of our solutions.
Our portfolio of audit readiness and response services is specifically designed to evaluate and improve your organization’s compliance with HIPAA/HITECH and Meaningful Use based on OCR’s HIPAA Audit Program and CMS’s anticipated audit program for meaningful users.
No two organizations’ needs are the same. Your organization may want to measure itself against a real-world, invasive audit experience. Alternatively, you may want a less disruptive, in-depth review of your polices and procedures. This solutions portfolio has been designed to serve every organization and to accommodate different audit readiness objectives, including:
- CynergisTek-Davis Wright Tremaine HIPAA Audit Toolkit
- Audit Readiness Training Program
- Audit Response Readiness Exercise
- Mock Privacy and Security Audit
- Security Policy Review
- Security Policy and Operational Audit
- IT Security Risk Assessment
- Privacy and Security Program Design and Remediation
- Real-Time Audit and Investigation Assistance
Any of the solutions offerings can be performed under the direction of Davis Wright Tremaine, providing the benefit of legal consultation and a claim of attorney-client privilege governing the engagement.