OCR HIPAA Audit Webinar: And the winning question is…

With over 400 participants in our February 15^th joint Apgar and Associates, ID Experts webinar “Are you prepared for an OCR HIPAA Audit or Investigation?” we had some great questions, as you can imagine. But some were worrisome to the extreme.

For instance, “Say we’re notified that we’re to be audited, what if we just choose not to participate or respond?”

Bad idea. Really bad idea. Remember last year about this time when Cignet was dinged $4.3 million for violations of the HIPAA Privacy Rule? Guess what a whopping $3 million of that penalty was all about? Refusal to respond.

“Cignet refused to respond…”

“Cignet failed to cooperate with OCR’s investigations on a continuing daily basis…”

“Covered entities are required under law to cooperate with the Department’s investigations.”

Those are all directly from the HHS news release as posted on their website.

No matter that you may feel the attention is unwarranted or the timeframe supremely inconvenient – laws are laws. That’s true whether you’re dealing directly with a federal agency or with their duly authorized and empowered representatives (say, a KPMG Auditor).

Understandably, notification of an impending audit can be overwhelmingly stressful. But please don’t choose the head-in-sand approach. The cost to your organization isn’t only in dollars; it’s potentially deadly to your hard-won business reputation, as well.

Our recommendation? Be ready; be responsive. We’ll help.