Get Ready for Increased OIG Scrutiny in 2016

  • 7/24/2019 Get Ready for Increased OIG Scrutiny in 2016

    The Coding Institute LLC, 2222 Sedwick Road, Durham, NC 27713, Enterprise Contact: Sam Nair, Direct: 704 303 8150,

    [email protected]

    Get Ready for Increased OIG Scrutiny in 2016

    By Susan Dooley

    In 2016, what should HIPAA compliance officers expect to see in the way of privacy and security enforcement? Here's what we know from 2015.

    OIG Tells OCR to Start Auditing

    First, the Health and Human Services (HHS) Office of the Inspector General (OIG) flat-out told the agency charged with enforcing HIPAA, HHS's Office for Civil Rights (OCR), to get serious about enforcement. In a September report, the OIG said that when covered entities (CEs) like health insurance companies, pharmacies, and medical practices fail to safeguard patients' protected health information (PHI), these breaches expose patients to serious risks. These risks include fraud, identity theft, invasion of privacy, and other harm. The OIG's September report maintained that the OCR is falling short in protecting patients from these risks.

    And that's not the only reason that OCR is on the hook. OIG also blamed OCR for failing to implement the required CE audit program mandated by the HITECH Act, which required OCR to get an audit program started by 2010. OIG also said that when OCR does charge a CE with failing to meet privacy rule standards, OCR typically fails to follow up with proof that these CEs have corrected the lapses.

    OCR's Wall of Shame Logs 23 Breach Incidents in December

    On the heels of the OIG's rebuke, OCR got busy in December, logging 23 reported breach incidents in one month. The Wall of Shame, which is officially called the OCR Breach Portal, displays HIPAA breaches that affect 500 or more individuals. Nineteen of the December breaches involved providers and four affected health plans. Twelve of the breaches involved unauthorized access and disclosure, seven were due to theft, three were caused by hacking and IT incidents, and one was an incident of improper disclosure.

    Interestingly, nine of the December breaches were low-tech, involving paper and/or film, plus one that involved paper, film, and a desktop computer.

    The largest breach in December 2015 belonged to St. Luke's Cornwall Hospital in Newburgh, New York, which affected 29,156 people. This breach was caused by the theft of a portable electronic device. Most other breaches in December affected far fewer people.

    Overall, 2015, dubbed "The Year of the Healthcare Hack" by the Washington Post, was a record-breaking year for healthcare breaches. In total, the health records of more than 102 million Americans were improperly accessed or misused last year. Eight of the 10 largest healthcare provider hacks of all time occurred in 2015, with the largest belonging to an insurer whose hacking-related breach affected 78.8 million people.

    Get Ready for OCR Audits in 2016

    After a year like 2015, you can expect OCR to stop licking its wounds and start getting busy trying to

    ensure security of PHI. Providers should anticipate tougher and more frequent audits this year.

    Here are some steps to take to prepare for OIG audits:

    Gather information about your organization's existing security infrastructure, including its PHI-sharing relationships with business associates (BAs), as well as with downstream providers.

    Evaluate health IT vendors to make sure they're compliant with your existing BA agreements. You might want to ask BAs to prove their compliance with results from a recent security risk assessment.

    Identify members of your team who will be prepared to respond to an audit request.

    Conduct a mock HIPAA audit to fully assess how secure your organization's systems really are.

    Are You Ready For OIG?

    Is your organization ready for a knock on the door from the OIG? Have you taken any special steps to prepare for possible audits in the near future? Let us know.

    Manage Your Health Information With Less Risk

    Read Health Information Compliance Alert!

    Staying compliant with protecting health information is more important than ever, which is why Health Information Compliance Alert can be your most trusted HIPAA compliance partner. Offering you expert analysis and hands-on tools to improve your organization's risk management efforts and HIPAA compliance, The Coding Institute's Health Information Compliance Alert newsletter is the indispensable resource for health information management at all levels of healthcare, from the single provider practice to the multifacility healthcare institution. Request your free sample today!

    Health Information Compliance Alert

    Timely News and Analysis on HIPAA, E-Health, Privacy, Security & Technology

    Healthcare organizations are under growing pressure to comply with the Health Insurance Portability and Accountability Act (HIPAA) in 2016 as violations could lead to multi-million dollar penalties. Ignoring the constantly evolving HIPAA rules and regulations could be a big risk. Small entities, including physician practices, struggle to have all the policies and procedures in place to effectively meet the requirements and protect the privacy of patient health information. This exposes them to a HIPAA compliance catastrophe in 2016.

    Why Compliance is more important than ever before?

    Whether you are a small physician practice, hospital or business associate (BA), you need to understand why compliance is more important than ever before. With the recent spurt in breach reporting and the new random audit program, HIPAA compliance is something that every HIPAA entity and BA needs to take seriously.

    HIPAA violations incur multi-million dollar penalties

    If you don't take necessary steps to protect your patients' rights and health information, you could be hit with significant fines and penalties. And with the increased HIPAA fines starting at $10,000 in cases of wilful neglect, following the privacy requirements and being in compliance are more important than ever.

    So how can you close HIPAA compliance gaps and get your policies in order?

    Take expert help. Just subscribe to Health Information Compliance Alert!

    Surefire tips, helpful advice, and expert guidance all in one resource!

    Our monthly newsletter, Health Information Compliance Alert, will assist you in keeping HIPAA audits

    and penalties at bay. The newsletter provides regular updates on the HIPAA compliance audit program,

    insight on what you need to produce if you are audited by the HHS Office of Civil Rights, the new rights

    that you must add into your policies, notice of privacy practices, and much more.

    Get the most reliable, accurate, and timely coding instruction from the experts for just pennies a day

    with Health Information Compliance Alert.

    Here's just a sample of the expert guidance and tips your peers are getting in every issue:

    Weigh the pros & cons of communicating with patients via texting.

    Could your practice be headed for a HIPAA compliance catastrophe?

    Is a consent form a good idea for email communications? Get answers.

    Kick off your cyber security action plan with this checklist.

    Is a complete security risk analysis optional for small providers? Get help here.

    Backup devices: Learn 3 critical lessons from the latest data breaches.

    Debunk 10 myths about HIPAA security compliance.

    Implementing new technology? Perform a risk analysis or pay the price. Here's why.

    Ask 7 questions of your EHR developer.

    Are you doing these 3 things when inventorying your BAs?

    Avoiding data breaches: Find out who gets a report, and when and what must it say.

    HIPAA in 2016: Prepare yourself for big trends.

    Dispel 4 common PHI disclosure-related myths.

    As a subscriber, you're connected to the industry's hottest resources at no extra cost:

    SuperCoder's Specialty Alert Archive

    E-Subscription and E-Subscription + Print subscribers can look up a keyword-searchable database of

    Health Information Compliance Alert on SuperCoder.com. Look up and review more than 180 archived

    issues of the newsletter. A $199.95 value.

    And, as always, you are entitled to our 100% Money-Back Satisfaction Guarantee. Call 704 303 8150

    today to start receiving all of the compliance answers your team will ever need.

    Enterprise Contact:

    Name: Sam Nair

    Title: Associate Director Enterprise Practice

    Email:[email protected]

    Direct: 704 303 8150

    Desk: 866 228 9252, Ext: 4813

    The Coding Institute LLC, 2222 Sedwick Road, Durham, NC 27713
