July 25, 2024 Running a small medical practice is a juggling act. Staff wear many hats, and HIPAA compliance often gets squeezed in amongst other tasks. Did you know that physicians spend an average of 10 to 19 hours per week on administrative duties such as HIPAA tasks? HIPAA legislation outlines how Covered Entities and Business Associates must handle and secure patient PHI (Protected Health Information). Specifically, a HIPAA Compliance Officer (HCO) must be designated to ensure compliance maintenance. This is a significant yet essential role, and one that staff in a busy, small office have little time to attend to. Here’s the good news: There are better ways to manage HIPAA compliance efficiently if you’re the HCO. Let’s explore the key duties of an HCO and how you can handle the numerous obligations that come with the role. What is an HCO? The HCO must ensure the practice follows HIPAA requirements and sufficiently follows all physical, administrative, and technical safeguards to protect sensitive patient data. Being an HCO is a significant role and crucial for patient data security. Many HCOs wear multiple hats within an organization, such as serving as the office manager or a doctor. This can sometimes feel overwhelming, but it’s important to remember that HIPAA compliance is a shared commitment. Just like a conductor leads an orchestra, the HCO sets the tone. However, like every musician, from the violinist to the triangle player, needs to play their part flawlessly, everyone in the organization must follow HIPAA rules to create a harmony of patient privacy. What is an HCO Responsible for? The HCO role oversees everything related to a HIPAA program. This includes managing documentation, training, reviewing updated legislation, conducting the Security Risk Analysis, and much more. As the HCO, you must ensure proper compliance with HIPAA regulations within your practice and serve as the primary resource for your staff regarding HIPAA concerns. You also need to uphold patient access rights and ensure patients receive their medical records promptly. In case of a HIPAA violation or breach, the HCO will investigate and report the situation to the Office for Civil Rights (OCR) accordingly. The HCO acts as the main point of contact for the OCR and serves as the liaison if further investigation is required. Sounds like a lot of work, right? The Cure for HCO Stress By now, you know the role of an HCO is complex and can be time-consuming, especially when the individual manages numerous roles in a practice. The time spent on HIPAA tasks reduces the time available for patient care and other tasks. Inaccurate documentation due to human error can also lead to non-compliance with federal standards, adding stress and complexity to an HCO’s role. Many HCOs have their trusty HIPAA binder bursting with disorganized documentation. While this physical documentation might be an easy band-aid for an organization, as HIPAA continues to evolve, your binder should too. We can all agree there are much more enjoyable activities than handling HIPAA documentation. That’s where smart software solutions can streamline compliance for a practice. Instead of taking hours each week, this process can be reduced to minutes with intelligent software that can identify vulnerabilities and provide insights for improvement. That sounds a lot better, right? To learn more about how to streamline your compliance program, saving time and cost and providing peace of mind for the HCO, schedule an educational consultation today with an Abyde expert.
Change Healthcare Breach: What You Need to Do
May 31, 2024 Since February, the Change Healthcare ransomware attack has dominated headlines in the medical industry, cited as likely the most significant breach ever in the U.S. health system. To quickly recap, a group of malicious hackers infiltrated Change Healthcare’s systems in February. The hackers had access to the system for nine days before infecting systems with ransomware on the 21st. When it was realized Change Healthcare’s systems were compromised, its systems were immediately disconnected to mitigate risks. This attack not only jeopardized patients’ Protected Health Information (PHI) but also caused detrimental impact on the healthcare industry at large. Change Healthcare processes 15 billion healthcare transactions annually. With these systems down, healthcare providers continue to struggle with basic processes, like filling prescriptions and getting paid through insurance claims. The latest update on the Change Healthcare breach has reached Capitol Hill. Andrew Witty, CEO of UnitedHealth Group, the parent company of Change Healthcare, testified at two congressional hearings on May 1st. At these hearings, the cause of the breach was acknowledged: a lack of multi-factor authentication prompts when logging into internal systems. Additionally, while Witty confirmed that the exact scope of impacted patients is unknown, it is expected to be very severe. One-third of Americans could be affected by this cyberattack. Although Change Healthcare’s lack of security protocols caused the catastrophic breach, it is still your practice’s responsibility to notify impacted patients. What You Need to Do The Office for Civil Rights (OCR) is still investigating the magnitude of this cyberattack, but guidance has been released. First, Change Healthcare is notifying stakeholders impacted by the breach. This includes Covered Entities and Business Associates. Business Associates must notify Covered Entities if their business is affected, and the responsibility to inform patients ultimately falls on Covered Entities. The Breach Notification Rule under HIPAA details what information needs to be shared with patients, including suspected dates the data was breached, what PHI was involved, and the next steps. Once it’s known that this breach impacted your patients, it’s vital to notify affected individuals without unreasonable delay and to inform the HHS. The media must also be notified if five hundred or more patients were affected. After this significant cyber attack, reviewing your risks and vulnerabilities is crucial. If a vast organization processing up to $2 trillion in medical claims annually can be hacked, so can your practice. Ensure standard security protocols, like multi-factor authentication, are in place to mitigate the risk of breaches. When it comes to your HIPAA compliance programs, securing your data is critical. For example, Abyde’s cloud-based software features an intuitive Security Risk Analysis (SRA) and ongoing compliance review to quickly identify and address risks to keep your practice’s sensitive data safe. As this breach is still under investigation, Abyde will keep Covered Entities and Business Associates up-to-date on the latest developments. Visit the HHS FAQ page on the Change Healthcare breach here. To learn more about software solutions to ensure protected compliance for your practice, schedule an educational consultation here with a compliance expert.
Strong Passwords, Strong Protection: World Password Day
May 2, 2024 Happy World Password Day! To celebrate, let’s refresh your password etiquette. With the most recent updates on the Change Healthcare breach, you don’t want to miss this opportunity to do some compliance housekeeping! Let’s dive into how to ensure your passwords are HIPAA-compliant, keeping Protected Health Information (PHI) secure. Best Practices First, let’s say ‘sayonara’ to ‘Password123!’. When it comes to creating a secure password, length is crucial. Forget complex passwords with limited characters. Aim for at least 8 characters, using a mix of uppercase and lowercase letters, numbers, and symbols. This creates a longer and more challenging code to crack. Next, create passphrases instead of passwords. Consider using easy-to-remember passphrases instead. A good example would be including your favorite book or restaurant in a sentence. For example: “MyFavoritePlaceToE@tIsThaiGardenOn46thSt!” Lastly, make your passwords unique across different accounts. Beyond the Password Two is Better than One Now that’s settled, let’s dig into the additional security steps to keep your practice safe. Don’t shy away from Multi-Factor Authentication (MFA); it’s your friend. Enable MFA wherever possible, adding an extra layer of security by requiring a second verification step, like a code from your phone, to access accounts. Imagine MFA as a second line of defense in password security. When not used properly, it can leave an open door for cyber attacks. We’ve seen this play out in the news recently. On May 1st, Andrew Witty–Chief Executive Officer of UnitedHealth Group–testified in front of Congress regarding the Change Healthcare breach. Witty stated that the attackers successfully compromised a stolen user ID and passwords due to a lack of multi-factor authentication. This attack has cost Change Healthcare a whopping $870 million… and counting! To think, this whole issue could have been avoided if they took 5 minutes out of their day to implement practical password protocols… Password Powerhouse Consider ‘hiring’ a password manager! Using a password manager can provide peace of mind, knowing your passwords are secure. These tools generate strong, unique passwords and securely store them, eliminating the need to remember countless complex combinations. Just remember to use a strong master password for the manager itself! Finally, don’t forget to update your passwords at least three times a year and immediately if you suspect a security breach or phishing attempt. What’s Next? Think of password etiquette like flossing your teeth – not the most fun activity, but neglecting it can lead to painful consequences. That’s where Abyde can help simplify your practice’s everyday compliance needs. Abyde’s software offers an all-in-one suite of compliance resources with password and multi-factor authentication best practices training, on-call compliance experts, and much more. To learn more about compliance for your practice, schedule an educational consultation with one of our experts today!
UnitedHealth Group in the Hot Seat: All Eyes on the Change Healthcare Breach
May 1, 2024 Over the last several months, your friends at Abyde have kept you updated on the latest in the Change Healthcare Breach. Since February 21st, this breach has held the healthcare industry captive, likely the most significant healthcare data breach in the United States ever. Change Healthcare, nestled under the UnitedHealth Group umbrella, processes about 50% of U.S. medical claims, is still picking up the pieces. If you work in healthcare, you feel the sting of the attack. Almost all hospitals reported financial damages because of the attack. So, how did we get here? You’re getting answers, as CEO of UnitedHealth Group, Andrew Witty, is set to testify in front of two congressional panels today. Don’t worry, we’re not going in blind! While Witty might be on center stage today, a written testimony has already been released. Stay tuned because we’re decoding this testimony and answering your burning questions. Pack your bags! We’re taking a quick trip to the Capitol! Party Crashers This compliance catastrophe began on February 21st, with the BlackCat hacking group infecting Change Healthcare’s systems with ransomware. However, the team of malicious hackers had been plotting for over a week, being in Change Healthcare’s systems for nine days before the attack. How did they get in? It wasn’t a Mission Impossible stunt, avoiding lasers and jumping between buildings, but a simple case of compromised credentials. Using a stolen login, the black-hat hackers could log into a Change Healthcare application portal and remotely access desktops. This portal didn’t have a standard security protocol: multi-factor authentication. Multi-factor authentication (MFA), like a code sent to your phone before logging in, is a typical security standard for protecting sensitive data. Implementing technical safeguards, like MFA, falls under the HIPAA Security Rule. Mopping up the Mess While Change Healthcare is no stranger to hacking attempts – thwarting 450,000 intrusions a year – once the ransomware was identified, Change Healthcare sprung into action. According to Witty, the Change Healthcare team immediately severed connectivity with the data centers to avoid the spread of ransom. Change Healthcare started from the bottom up, rebuilding the foundation of its technology infrastructure, replacing thousands of laptops, implementing new credentials, and new servers with the help of Tech powerhouses like Amazon and Google. As of today, the ransomware only impacted Change Healthcare and none of UnitedHealth Group’s other organizations. Witty also admitted to meeting ransom demands, saying it was one of the toughest decisions he’s ever had to make. What’s Next? These uninvited party crashers have put the UnitedHealth Group in hot water. These congressional hearings are just the tip of the iceberg for the medical titan. Here at Abyde, we’re keeping a close eye on things, and you can bet we’ll keep you in the loop through our blogs and social media on the latest in these hearings. Want to stay on top of all things compliance? Follow us and watch for our This Week in Compliance series – it’s your one-stop shop for compliance info!
Compliance Catastrophes: Stolen Devices
April 23, 2024 Welcome back to another blog on Compliance Catastrophes: real-ish world examples of nightmare scenarios! We’re going through the most common reasons for data breaches in healthcare and how your practice or business can stay safe. Stolen devices in the workplace are one of the main reasons for a breach. According to the OCR, theft accounts for nearly 20% of large breaches (five hundred or more patients affected) over the past ten years. A stolen device can quickly spiral into a HIPAA nightmare. That’s why devices need top-notch security for the safety of Electronic Protected Health Information (ePHI). No question, ePHI needs protection. That’s why I’m here to remind you: when you have a device with it, stay alert! Now, let’s see what happens when someone slips up and neglects their device protection responsibilities. Let me reintroduce our friend, Compliance Cathy, she’s having a tough week! Dinner with a Side of Disaster After a long day at the practice, Cathy was ready to get home and see her friends for dinner. When Cathy was at the restaurant, she left her computer bag on her passenger seat, being way more focused on the meal she was going to devour. While her steak was a perfect medium rare, the situation outside was a recipe for disaster! When Cathy got outside, her night was spoiled. Her car was broken into! She realized immediately what went wrong. Her work laptop was stolen. The worst part, her computer was unencrypted, meaning the thief had easy access to patients’ PHI at the practice! Device Safety 101 First, if you don’t have to bring home your work laptop, don’t! There’s less liability if the device is stored properly at work. Even if you leave it at work, make sure it is secure at all times. For instance, at your practice or business, make sure the doors are locked when no one is at work and proper security is installed, like alarms and cameras. Next, ensure all devices with PHI are properly encrypted. Encryption means sensitive data is unreadable for anyone except those authorized to view the information. Additionally, make sure strong password policies are in place. No more Password 123! Your friends at Abyde recommend that passwords must be at least 8 characters, including a number, an uppercase letter, a lowercase letter, and a symbol. Finally, make sure remote deletion is set up for all devices that have PHI, allowing you to use another device to wipe the stolen or lost device clean. Keeping it Real Stolen devices are a common compliance catastrophe, and the OCR has enforced fines for non-compliant practices. Don’t believe us? Here’s a real-life example of a stolen device catastrophe. In 2020, Lifespan ACE, a Rhode Island healthcare system, was fined over a million dollars when an employee’s car was broken into and an encrypted laptop was stolen. We’re not just making this stuff up! If you find yourself in a situation like Cathy’s, immediately alert the authorities of the theft. Contact your workplace and IT department, following company procedures. See if your practice has remote deletion in place, wiping the stolen device. Your IT partner will likely handle all remote deletion and encryption of sensitive data. Some companies provide these services specifically for healthcare. We’re more than happy to point you in the right direction when it comes to your compliance journey, so just reach out if you’re looking for the right services for your practice or business. Of course, ensure this breach is logged into your Abyde software and reported to the OCR. With the right protocols, you can prevent and mitigate a stolen device. While Cathy’s filet mignon dreams were burnt to a crisp, that doesn’t have to happen to you. To learn more about device safety, email us at info@abyde.com and follow us on social media for the latest news!
Compliance Catastrophes: Email Safety
April 22, 2024 Good morning! We hope we can cheer up your Monday blues with the announcement of our new educational series, Compliance Catastrophes: real-ish world examples of nightmare scenarios! Throughout this week, we’ll be releasing blogs and videos on common breaches of Protected Health Information (PHI) in healthcare, giving you the tips you need to stay secure. We’re starting our series with one of the most common HIPAA breaches: email scams. Email scams are very prevalent, with 91% of cyberattacks beginning with a phishing email. Phishing attempts are the most common form of cybercrime, with 3.4 BILLION spam emails sent daily. Now, before we get too far, let’s clear up any misconceptions. Phishing attempts are unfortunately not a Saturday night getaway on a boat with your friends catching fish, it’s much more like casting a lure of fake urgency or importance to try and ‘fish’ for personal information, like PHI. You might think that you could never fall for a phishing scam, but let me tell you, it happens quite often. Let me introduce you to the star of the week, Catastrophe Cathy. A One-way Ticket to a Breach Cathy was scrolling through her email, and she couldn’t believe her eyes! Her boss sent her an email offering her a week’s vacation to Italy! All she had to do was claim it by clicking the link listed at the bottom of the email. She was sold! It looked real; it said it was from her boss, Bob, and it even had his email signature! As she clicked the link, the malware began to work its nefarious magic – infecting her computer and getting access to PHI. Her dreams of seeing the Leaning Tower of Pisa came crashing down. Once she realized there was no trip. She panicked! What was she going to do? Email Safety 101 Now, we can be like Cathy if we aren’t careful when checking our emails! Falling for these phishing scams affects over 300,000 people a year, yielding over $50 million in losses. First, an always good rule of thumb: If it’s too good to be true, it’s not. Sorry, or scusa (sorry in Italian) Cathy! Next, always check who is sending the email. While it looked like it came from Bob the Boss, if she looked at the email address, she would have seen it came from Stevethescammer@email.com! Hackers pretending to be someone else at your organization is a very common practice known as spoofing. Lastly, if you see any odd links or attachments, never click them, report them as spam, delete them, and, if applicable, forward them to your organization’s phishing email! Phishing scams have also made a recent detrimental impact on healthcare. The OCR settled its first phishing cyber attack investigation, costing the Lafourche Medical Group $480,000! Reel in Control Now, if you find yourself falling for an email scam, the first thing you need to do is to alert your team. You might be embarrassed, but it’s brave to admit you’re wrong, ensuring others don’t fall for a similar attack, too. The most important step right now is to disconnect your device from the internet. Think of it like putting up a “closed for business” sign. This cuts off the hackers’ access and prevents them from finding more information on your network. Loop in your IT team or IT provider, and follow company procedures for a cyber attack. Of course, notify patients affected by the breach, and report the breach in your Abyde software and to the OCR. Also, since it is a phishing attempt, you can report it to the FTC. To learn more about common breaches, stay tuned to our blogs and videos this week! Follow us on social media to be the first to see the latest compliance news, and if you have any questions, email us at info@abyde.com.
The HIPAA Security Rule: What You Need to Know
April 19, 2024 This week, we’ve gone through what makes HIPAA, well, HIPAA. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, comprises three rules. These rules include: Today, we’re talking about the Security Rule. Trust us, we know that compliance jargon can get complicated. That’s why we’re here to make it simple. What’s the Security Rule? Let’s kick it back to the totally rad 90s to give more insight. The year is 1996, and we’re entering the digital age. While we fought with dial-up and AOL was all the rage, more and more Electronic Protected Health Information (ePHI) was being created and transmitted digitally. HIPAA was signed into law because of this technological boom, needing federal guidance on the protection of health information with each new innovation. As a result, a part of HIPAA, the Security Rule was born. The Security Rule establishes the standards for how ePHI needs to be protected. This includes the administrative, physical, and technical safeguards to ensure ePHI is secure, remains private, and accurate. Building a Fortress Administrative safeguards are the first line of defense when it comes to protecting patient data. Administrative safeguards are policies and procedures that your practice or business does to ensure compliance and protection of ePHI. The Security Risk Analysis (SRA) is a classic example of an administrative safeguard. This proactive measure helps practices and business identify their risks and vulnerabilities when it comes to protecting PHI. The SRA is required under the Security Rule. Training also falls under administrative safeguards, ensuring all staff is knowledgeable and up-to-date with best practices to remain HIPAA-compliant. Keep it Secure You wouldn’t leave your keys lying around, would you? The same goes with PHI. Physical safeguards include a range of measures to secure ePHI. Common examples of the appropriate physical safeguards include: Tech Talk Now, alongside physical safeguards, technical safeguards are key to keeping ePHI safe. We hate to break it to you, but a lock isn’t going to protect your ePHI when there’s a hacker across the globe trying to breach your ePHI! Common examples of technical safeguards include: Covered Entities and Business Associates can get on track with these proper safeguards by working with your IT department or an IT partner. How Abyde Can Help Phew! Who knew HIPAA could get so complicated? Well, Abyde is here to save the day, simplifying the compliance process for your organization. Abyde’s software is tailored to fulfill HIPAA regulations, including an intuitive SRA, entertaining training, custom policies and procedures, and more. The Abyde software is here to make sure you Never Stress Over Compliance Again! If you are looking for an IT partner to assist you in implementing technological safeguards, we can also help with that, too! We have numerous IT partners who specialize in healthcare, knowing what you need to be secure. Reach out to info@abyde.com and call 1.800.594.0883 to find your next IT partner. To learn more about HIPAA compliance, email info@abyde.com and schedule an educational consultation here for Covered Entities and here for Business Associates.
Change Healthcare Breach: What We Know Now
March 14, 2024 BREAKING NEWS! Your friends at Abyde are right back at you with an update on the Change Healthcare breach. Check out our first blog post on the breach here! Now, to quickly bring you up to speed, Change Healthcare, a division of United Healthcare, was impacted by a ransomware attack. This ransomware attack is like nothing we’ve ever seen, and being called the most significant attack on our healthcare system of all time. This ransomware attack was disastrous, taking Change Healthcare systems offline, and making it impossible for healthcare providers to check for insurance eligibility, see new patients, properly process prescriptions correctly, and much more. Now, it’s been several weeks since the initial attack, and we have the latest scoop for you. What’s going on now? Well, now here comes the fallout. While some of the systems have been able to get back online, like pharmacy functions, Change Healthcare is still not 100%. This has been detrimental to healthcare providers, and is costing them $100 million a day! Now, I know that’s gotta hurt. Now, the lawsuits are starting to roll in. Now, multiple class action lawsuits have been filed against Change Healthcare/United Healthcare due to its inadequate security systems and how it’s been handled. Unfortunately, in this attack, it’s highly likely Protected Health Information (PHI) is in the hands of criminals. In this ransomware attack, over six TB of stolen data was encrypted by the deceptive hackers. So, these lawsuits are just getting started. The government is also involved in this breach, investigating the causes and effects of the ransomware attack. The FBI has run into this group of hackers before and has taken some of their servers offline, causing many to think this attack was of vengeance. The Department of Health and Human Services also came together to discuss and address the impact of the cyber attack for more to come. As of yesterday, March 13, the Office of Civil Rights also released a statement of beginning their investigation of the attack. It’s safe to say this is far from over, and it’s been a tough month for United Healthcare. What should I do? To keep up with the news, we recommend you follow our news page, where we release the newest updates in compliance news and the best tips for your practice or business. To keep up with the Change Healthcare system updates, you can follow this page here. To keep your practice or business safe, and avoid this hot water that United Healthcare found itself in, it is essential for you to proactively protect your organization. This includes working with an IT company, employing firewalls, encryption, and of course, having compliance software like Abyde. Abyde is your one-stop shop when it comes to compliance management, allowing you to evaluate your risks and address them before it’s too late. Need documentation in order? Yeah, all in the software. Oh and – let me stop you right there, yes, we also dynamically generate our personalized policies and procedures, so don’t worry about writing them. And if you experience a breach? We’re here for you. We have an awesome team of compliance experts here to help you navigate any situation, so you’re not alone. Want to learn more about compliance? Reach out to us at info@abyde.com and schedule a compliance consultation here for Covered Entities, and here for Business Associates!
Yikes! My Files Are Kidnapped!: What is Ransomware?
March 7, 2024 Ransomware. Even the name sounds ominous! With the Change Healthcare ransomware attack, you might have heard a lot about ransomware in the news lately. While the effects of the attack are wreaking havoc on the healthcare system, you might be wondering what this notorious ransomware is all about. Well, you’ve come to the right place! We’re here to educate you on ransomware and how your practice or organization can be prepared for this cybercrime. What is it, exactly? Ransomware is a form of malware, or malicious software, that encrypts the files of a victim and requires a ransom to access files again. This is a very common way hackers infiltrate healthcare systems and over 4,000 ransomware attacks occur a day! If you’re confused about how ransomware works, here’s a simple example: Dan the Doctor was having an alright day, and then he got an email that went to his practice that he thought would turn it into the best day of his life! The email said he won 20 million dollars! All he had to do was click the link in the email to receive it. He clicked it as soon as possible, already dreaming of spending the rest of his life on the beaches of Hawaii. Spoiler alert: his day was going to get a lot worse. As he clicked the link, ransomware began its sinister magic: encrypting patients’ protected health information (PHI). He couldn’t believe what he did, putting his patients and his practice in jeopardy. Then, to get access to these files again, he had to pay thousands of dollars, or these files would be put online, putting his innocent patients even more at risk. His dreams of Hawaii turned into a very hurt wallet and his patients at risk. While you might think that could never happen to you: email scams, or phishing, are the most common way ransomware attacks are sent. Our simple example is just a story, but it happens often in the healthcare field. For example, the most recent major cybercrime is the ongoing Change Healthcare ransomware attack, in which they paid 22 million dollars in ransom! The OCR is also beginning to fine practices and organizations that do not take the proper precautions against ransomware attacks. The first ransomware attack fine was announced in October, costing the Business Associate (BA) $100,000 in HIPAA fines. What do I do? Now, while ransomware attacks have become extremely prevalent, with a 278% increase in ransomware breaches reported to the OCR, there are precautions you can take. Working with an IT company is key for your practice or business, with prevention being the first line of defense. This includes things like encrypting your files, keeping all software up-to-date, having firewalls, antivirus and more. Additionally, working with a compliance program like Abyde also lowers your risk. By identifying your vulnerabilities and enacting the right protocols, ransomware stands no match! For instance, password updating, proper data handling, access controls, and training, are all different barriers that help your practice or business. Also, if your practice is infected by ransomware, do not pay the ransom, get the infected device offline and off the network, report the breach to the OCR, and get IT experts to investigate the attack. To learn more about how your practice can stay compliant and secure against ransomware attacks, email us at info@abyde.com and schedule consultations for Covered Entities here, and Business Associates here.
Don’t Get Caught Off Guard: HIPAA Audits are Back!
February 23, 2024 They’re Baaaaaack! And in this case, not the poltergeists in the 80s classic, but the Office For Civil Rights (OCR). The OCR shared some significant news, announcing their plans to reintroduce their random HIPAA audits program. The last time this program was in place was in 2016 – 2017, with over 200 Covered Entities and Business Associates audited to ensure HIPAA compliance. Before this program is officially implemented again, the OCR is surveying past audit participants, and hearing their feedback before random audits begin. However, Director of the OCR, Melanie Fontes Rainer, confirmed the audits would resume this year, “OCR intends to initiate audits of HIPAA-regulated entities later this year. These audits can assist regulated entities in improving their HIPAA compliance and their protection of health information.” The audits revealed eye-opening shortcomings of CEs and BAs, with Paul Hales of Hales Group describing that “86% of covered entities and 83% of business associates failed the risk analysis audit, and 94% of CEs and 88% of BAs failed the risk management audit”. Thankfully, this news doesn’t have to be like a horror movie if you’re proactive and take compliance seriously. What does this mean for you? While random HIPAA audits might seem very nerve-wracking for your practice or organization, with the proper tools, you can be easily prepared. These audits will help all in healthcare, highlighting the importance of being compliant and keeping patients’ data safe. That’s why Abyde is here to help. Our software simplifies compliance, allowing your practice to focus on what matters most, taking care of patients, or in the case of Business Associates, running your business. To learn more about how you can be prepared for the random OCR HIPAA audits, email us at info@abyde.com or schedule a compliance consultation below. MEDICAL PRACTICES: SCHEDULE CONSULTATION BUSINESS ASSOCIATES: SCHEDULE CONSULTATION