We received a call from a new client that came to us with a breach, and needed a comprehensive HIPAA Compliance Plan as quickly as possible in preparation for an HHS Audit.
The Breach
Years ago this client hired a very reputable Business Associate (BA) to store digital records. This BA was a very reputable provider, and even an industry staple. This client assumed the company to be secure and did not have the required BA Agreement.
Unfortunately, this BA was hacked and the PHI of 8,100 individuals were affected this included our clients’ PHI.
The client came to us in a panic, and not really knowing what to do. They had no compliance plan and we walked them through the compliance process. We took them through Total HIPAA’s HIPAA Prime program, which includes training, a detailed risk assessment, and creating a customized Compliance Plan.
The Audit
About a year into working with this client, they received the dreaded notification from HHS that they were being audited. Luckily, we had a head start on the plan, and were in the process of finalizing a few items. When the letter came, we had 30 days to produce the following items for HHS-
- Training Records
- Risk Assessment
- Privacy Policies and Procedures
- Security Policies and Procedures
When they received notice that they were going to be investigated by OCR we worked hand in hand with our client to answer any questions they had. OCR sent over a detailed list of questions and the Total HIPAA Compliance Team reviewed those questions and linked the answers to the Compliance Documents we had created for them.
We worked with the client as well as the client’s lawyer over the 30 day deadline to ensure they had all of the required documents requested by the OCR Auditor as well as answers to the auditor’s questions. We also pulled all training records for the company to ensure the client had those to send as well.
6 months later our client received another letter that due to their documentation of the breach as well as their compliance efforts post breach that “Based on the covered entity’s voluntary compliance actions in response to this incident, ORC is closing this matter.” Yay!
Our client sent it to us with this note:
“FREE!!!!!!!!!!!!!!!!!!!!!!!!!! Thank you so much for all the help from you and your team. I could have never pulled this off were it not for you. Please thank everyone up there who worked on my issues. I really thought we were done for.”
Total HIPAA specializes in HIPAA compliance services, helping businesses adhere to HIPAA guidelines and protect sensitive data. Our experts ensure your organization remains compliant with HIPAA regulations, meaning you can focus on your core operations while we handle documenting the policies and procedures that make up your HIPAA compliance plan. Trust Total HIPAA for comprehensive compliance solutions tailored to your needs. Book a clarity call today.