Case Study-Health and Human Services (HHS) Office of Civil Rights (OCR) Comes to Town

We received a call from a new client that came to us with a breach, and needed a comprehensive HIPAA Compliance Plan as quickly as possible in preparation for an HHS Audit. 

The Breach

Years ago this client hired a very reputable Business Associate (BA) to store digital records. This BA was a very reputable provider, and even an industry staple. This client  assumed the company to be secure and did not have the required BA Agreement.

Unfortunately, this BA was hacked and the PHI of 8,100 individuals were affected this included our clients’ PHI.

The client came to us in a panic, and not really knowing what to do. They had no compliance plan and we walked them through the compliance process. We took them through Total HIPAA’s HIPAA Prime program, which includes training, a detailed risk assessment, and creating a customized Compliance Plan. 

The Audit

About a year into working with this client, they received the dreaded notification from HHS that they were being audited. Luckily, we had a head start on the plan, and were in the process of finalizing a few items. When the letter came, we had 30 days to produce the following items for HHS-

  1. Training Records
  2. Risk Assessment
  3. Privacy Policies and Procedures
  4. Security Policies and Procedures

When they received notice that they were going to be investigated by OCR we worked hand in hand with our client to answer any questions they had. OCR sent over a detailed list of questions and the Total HIPAA Compliance Team reviewed those questions and linked the answers to the Compliance Documents we had created for them. 

We worked with the client as well as the client’s lawyer over the 30 day deadline to ensure they had all of the required documents requested by the OCR Auditor as well as answers to the auditor’s questions. We also pulled all training records for the company to ensure the client had those to send as well. 

6 months later our client received another letter that due to their documentation of the breach as well as their compliance efforts post breach that “Based on the covered entity’s voluntary compliance actions in response to this incident, ORC is closing this matter.” Yay!

Our client sent it to us with this note:

“FREE!!!!!!!!!!!!!!!!!!!!!!!!!! Thank you so much for all the help from you and your team. I could have never pulled this off were it not for you. Please thank everyone up there who worked on my issues. I really thought we were done for.”

Total HIPAA specializes in HIPAA compliance services, helping businesses adhere to HIPAA guidelines and protect sensitive data. Our experts ensure your organization remains compliant with HIPAA regulations, meaning you can focus on your core operations while we handle documenting the policies and procedures that make up your HIPAA compliance plan. Trust Total HIPAA for comprehensive compliance solutions tailored to your needs. Book a clarity call today.

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.


Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

State of HIPAA Compliance in 2024

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document

Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)