
Lessons Learned from Practice Fusion’s FTC Charges and Settlement

Posted on July 21, 2016 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Almost 3 years ago I wrote an article about Practice Fusion violating some physicians’ trust in sending millions of emails to their patients. It’s still shocking to me to read through the physicians’ reaction to having emails unknowingly sent out in their name to their patients. I spent about a month researching that story. That’s longer than I’ve done for any other article by a significant margin. What I discovered was just that compelling.

When I first was told about the story, it seemed possible that each of those emails (we estimated 9 million) was a HIPAA violation. However, as we researched the story more and talked with multiple experts, it seemed like only a small subset could have possibly been considered a HIPAA violation. Practice Fusion had done a pretty reasonable job on the HIPAA front in our opinion. We all learned a lot about HIPAA and patient emails from the experience. Not to mention the importance of physician trust in your EHR product.

With that said, Forbes read my articles and decided to write an article that extended on the research that I’d done for the story along with a follow up article that looked at some of the things patients were posting publicly in these physician reviews. Forbes didn’t link to my article since I was pretty cautious with the whole thing after Practice Fusion had threatened sending their lawyers my way. I didn’t have a bevy of lawyers behind me like Forbes. Plus, some other crazy things happened like people trying to discredit me in the comments from the same IP address in San Francisco and a fabricated blog post to try and discredit what I’d written. Needless to say, it was quite the experience.

There were some people encouraging me to take it much further and to expose some of the crazy things that went down. That wasn’t my interest. I’d told an important story that needed to be told in what I believed was a fair and accurate way. I didn’t have any other goals despite some people insinuating that I might have other intentions.

Three years after I wrote that story it’s interesting to see that the FTC finally published the complaint against Practice Fusion (they also shared an analysis) and the Settlement agreement. I guess our government does work as slow as we all imagine.

I’m not going to dive into the details of the settlement here, but I did discuss the lessons we can learn from Practice Fusion’s FTC complaint and settlement with Shahid Shah and from our discussion I came up with these important lessons that apply to any company working in healthcare IT.

Healthcare Needs to Worry About More Than HIPAA and OCR
I think that many healthcare IT organizations only worried about HIPAA and OCR (which enforces HIPAA) when developing their products and implementing them in healthcare. This example clearly illustrates that the FTC is interested in what you do in healthcare and they’re not just going to defer to OCR to ensure that things are going right. This is particularly true as healthcare becomes more and more consumer oriented. This advice is also timely given ONC’s report to Congress about health data oversight beyond HIPAA.

Healthcare Interoperability and Public Disclosure Might Be Worse
One challenge with the FTC settlement is that it could cause many other healthcare IT vendors to use it as an excuse not to take the next step in engaging patients, sharing health information where it’s needed, and other things that will help to improve healthcare. The fear of government condemnation could cause many to balk at progressive initiatives that would benefit patients.

While I do think healthcare IT companies should be cautious, fear of the FTC shouldn’t be used as an excuse to do nothing. The reality of the Practice Fusion case wasn’t that they shouldn’t have built the product they did, it was just that they needed to better communicate what they were doing to both doctors and patients. If they had done so I wouldn’t have had an article to write and the FTC wouldn’t have had any issue with what they were doing.

Communicate Properly to Patients
Reading the FTC claim was interesting to me. In the month I spent researching the story, I felt that Practice Fusion had done a great job in their privacy notice saying that the patient’s review would be posted publicly. It stated as much in their policy and I found no fault in their posting the patient reviews in public. That’s why I didn’t write about them in my articles. Certainly they could have made it more clear to patients, but I put the responsibility on the patient to read the privacy policy. If the patient chooses not to read the privacy policy when sharing really intimate personal details in an online form, then I don’t have much sympathy for them.

Of course, I’m not a lawyer and the FTC found very differently. The FTC thought that the disclosure to the patient should have reached out and grabbed consumers and that the key facts shouldn’t be buried in a hard-to-understand privacy policy. A good lawyer can help an organization find the balance of effectively meeting the FTC requirements, but also not scaring patients away from participating. Although, it can certainly be a challenge.

If You Can Identify Private Information You Should
There are some obvious things that we all know shouldn’t be posted publicly. These days with technologies like NLP (natural language processing), you can identify many of these obvious pieces of private data and ensure they’re hidden and never go public. These technologies aren’t perfect, but having them in place will show that you’ve made a best effort to ensure that consumers’ health data is kept as private as possible.

Communicate Better with Doctors
This might be the biggest thing I learned from the experience. I find it interesting that the FTC complaint barely even talks about it (maybe it’s not under the FTC’s purview?). However, what came through loud and clear from this experience is that you need to effectively communicate what you’re doing to the doctor. This is particularly true if you’re doing something in the doctor’s name. If not, you’re going to lose the trust of doctors.

The FTC has a blog post up which has more lessons for those of us in the healthcare industry. They’re worthy of consideration if you’re a health IT company that’s working with patients (yes, that’s pretty much all of you).

P.S. I find it interesting that the Patient Fusion website still lists 30,061 doctors on Patient Fusion, 181,818 appointments today, 1,844,718 reviews, and 98% doctors recommended. The same numbers that were listed back in 2013.

I guess that page isn’t a real time feed. I also looked at the Patient Fusion website today to see how they showed reviews now. I didn’t scour the whole website, but it appears that they now only show the quantitative review score and not the qualitative review.

Healthcare Scene Quotes

Posted on July 8, 2016 | Written By John Lynn

My kids are out of school and driving my wife nuts. You know the drill if you have children. Since I work at home, I’m fully aware of what’s going on with the kids during summer break and so I try and help my wife where I can. This summer I had a great idea. I’d put my kids to work!

My kids love computers and anything to do with technology and so I figured if they were going to spend so much time in front of a screen, then they should find something productive to do. With that idea, I grabbed a bunch of quotes from previous blog posts we’d done on Healthcare Scene and asked my kids to turn those quotes into social media images I could share online.

Well, it turns out that only my 12-year-old had enough knowledge to do the work. The younger kids still have quite a bit to learn. The only other problem is my 12-year-old son is colorblind. So, that does produce some interesting results.

Long story short, take a look at some of the Healthcare Scene quotes that my son made. Not bad for a first try. I mostly love that he’s learning something useful. Let me know what you think. Each image links to the original post if you want to read the context.
Andy Slavitt - Physician Data Paradox

If you want patients to be prepared to care for themselves, treat them like adults and include them in what you’re doing.

Your online searches say a lot about your health, both physical and mental

Anyone could be breached and HIPAA will only protect you so much

How many healthcare ideas have been shot down because

HIM professionals should continue to assist in the quest for interoperability and electronic data sharing at the notion of patie

Applying Minecraft Lessons to Healthcare

Posted on July 7, 2016 | Written By John Lynn

Isaac S. Kohane has a great article on STAT which talks about what the healthcare system can learn from Minecraft. As my 3 children addictively play with Minecraft behind me, I was particularly intrigued by what healthcare could learn from Minecraft. Isaac does a great job creating the comparison:

From outside the door to their command and control center, I discreetly observed the team, taking care not to disturb them. They stared intently at the moonlit landscape littered with hidden traps and vertiginous fjords displayed on the large console in front of them, tracking their own progress and that of 10 other far-flung teams as they collectively navigated through the complex virtual environment toward a common goal.

When one team seemed to get lost or momentarily confused, a colleague on another team would grab her smartphone and offer concise video guidance. It was a remarkable demonstration of using technology to coordinate teams in complex tasks without prior training.

Even more remarkable, no team member was older than 11. The software they were using was Minecraft, the virtual reality navigation game that has addicted millions of users worldwide.

He layers on these questions about today’s health system as compared with the Minecraft team described above:

How often, in your experience as patient, family member, doctor, or nurse, do all the members of the care team actually know what the current plan is, and who else is on the team? How easily can all team members monitor activities, figure out if the care is on the right track, and instantly conference to organize a course correction if needed?

Isaac is right that we can learn a lot from Minecraft. He offers some suggestions of why we don’t. I’d like to add a few of my own.

Simplify – I’m still shocked and amazed that Minecraft made an incredibly compelling game out of blocks. It’s amazing what my children can create out of blocks. I’m also amazed at how much fun they have doing it. Unfortunately, we haven’t spent the time needed to make our interfaces simpler. We layer on complexity after complexity instead of looking at ways we can continue to simplify. I realize that healthcare is complex, but much of healthcare isn’t complex. In fact, it’s quite mundane. We can simplify most of our health IT systems.

Fun – Minecraft is fun. It encourages creativity. Millions are addicted to it. Can you say the same about your EHR? Nope. That’s because EHR software wasn’t designed for fun or creativity. They were designed as big billing engines and government compliance engines (see meaningful use). Doctors would never describe billing or government compliance as fun. If EHR software were a care engine that helped them discover new care pathways, patient risks, new medical knowledge, etc, then they’d have fun. Yes, it would be a weird twisted medical kind of “fun”, but most of the doctors I know are totally into that stuff. Just look at the success of Figure 1 to see what I mean. Should EHR vendors start a new marketing campaign “Making EHR Fun Again”? (Shoutout to Bryce Harper for those baseball fans)

Collaborative – Minecraft would be a fun game on its own, but like healthcare wearables it would wear off quickly if it was just a standalone game. The thing that makes Minecraft so addicting is that it’s collaborative by nature. The collaboration provides a new level of addiction and accountability to everyone playing. Medicine could and should and in some places is collaborative by nature too, but our health IT and EHR systems are not. Imagine if collaboratively caring for a patient was as easy as it was to connect friends on Minecraft. Yes, I’ve even seen Minecraft on an iPad connect with Minecraft on Android. Collaboration between different systems is possible even if many in healthcare want to describe all the reasons it’s impossible.

Obviously there are big differences in Minecraft and Healthcare. While you can die in both, in Minecraft you just re-spawn and start playing again. The same isn’t true in healthcare. However, that’s exactly why we should consider why some things we take for granted in games like Minecraft are nowhere to be found in healthcare.

Happy 4th of July

Posted on July 4, 2016 | Written By John Lynn

I’m taking a break today and spending some time with family. I hope you’re doing the same. Despite the craziness that we see on the news every day, I still feel lucky to live in an extraordinary country. Having lived in a number of other countries, it gives me a great appreciation for the things we do have. It’s too bad the media seems to focus so much effort and energy on the things that divide us.

A big thank you to all those in the healthcare profession that are working on this day. I can only imagine the horrors that come from fireworks on this holiday. Thanks for taking care of us even on holidays.

The Need for an Improved Patient Focus and Patient Experience in Healthcare

Posted on July 1, 2016 | Written By John Lynn

I had a chance to talk with Colin Hung from Stericycle, a real thought leader in the world of healthcare IT and patient engagement. You can watch our discussion below where we talk about the lack of patients at healthcare IT conferences and a healthcare IT vendor perspective around interaction with patients. Plus, we dive into the concept of patient experience and patient’s desire to communicate and interact with their physician. We also talk about self-scheduling appointments in healthcare and involving patients in product design.

Thanks to Colin for sharing a bit about the benefits of involving more patients in healthcare IT. I’m sure we could have talked for a few more hours about this topic.

What If Your Doctor Knew All Your Health Searches?

Posted on June 30, 2016 | Written By John Lynn

Back in 2013, the Pew Research Internet Project found that 72% of internet users looked online for health information. This was well before the most recent update to Dr. Google. It’s only a matter of time that those health searches will end up going through some sort of AI solution (Siri, Alexa, Galaxy, etc) we bring into the home.

Imagine if we connected this font of health information and questions together with the healthcare establishment. What if your doctor had access to all of the health related searches you were doing? Might he be able to provide better service to you and your family?

Yes, I realize that this idea will be extremely controversial. There are some major privacy challenges and issues with this idea, but there’s also a lot of potential benefits. It seems a little bit hypocritical that we ask doctors to be open and transparent with our health records if we as patients aren’t going to be open and transparent with our medical concerns. Certainly, we should be able to control what and with whom we share this information, but I believe that many will be willing to share it with their doctors.

Yes, this will require a pretty dramatic shift in how our medical professionals will handle a patient visit. However, if I’ve been doing a bunch of searches around back pain, imagine how much different my visit to the doctor for an earache would be. Could that provide the opportunity for the doctor to talk to me about my back pain searches?

It’s fascinating to think how this is almost the complete opposite of the office visit today. I’ve seen doctors that wanted to only deal with one issue at a time. Those doctors have learned the special dance that allows them to avoid talking about more than the presenting concern. Many doctors learn essentially a new language that makes sure that they get in and out of the exam room quickly without bringing up the rabbit hole of potential health problems a patient might be actually experiencing.

That’s the reality of today’s medicine. This is what we pay them to do. That’s changing with things like CCM where a healthcare provider is paid to dig in a little deeper. It’s certainly not enough to fully change these behaviors.

Until the reimbursement fully changes over to doctors getting paid to keep you healthy, a doctor knowing your health searches won’t be of interest to most doctors. However, once reimbursement changes, a doctor will become much more interested in what’s really ailing you. Your online searches certainly will say a lot about your health, both physical and mental.

How Can Small Practices Thrive with MACRA?

Posted on June 29, 2016 | Written By John Lynn

UPDATE: In case you missed the live interview, you can watch the recorded conversation below:


On Thursday, July 7, 2016 at 3:30 PM ET (12:30 PM PT) I’ll be hosting a live video interview with the Chief Medical Officers of both Modernizing Medicine and Kareo. All of healthcare has been hit with the MACRA legislation and many talking heads are saying that MACRA is going to be a challenge for small practices. In this discussion, we’ll talk about how small practices can thrive within the changes that MACRA provides.

The great part is that you can join my live conversation with this panel of experts and even add your own comments to the discussion or ask them questions. All you need to do to watch live is visit this blog post on Thursday, July 7, 2016 at 3:30 PM ET (12:30 PM PT) and watch the video embed at the bottom of the post or you can subscribe to the Blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

Here are a few more details about our panelists:

We hope you’ll join us live or enjoy the recorded version of our conversation. Plus, considering the length of the MACRA legislation, we welcome you to come and provide your insights into what the MACRA legislation means for small practices. We hope this will be an open discussion of the legislation and what impact it will have on small practices. Dr. Giannulli and Dr. Sherling are very well versed on the topic and will provide some tremendous insight into what to expect from MACRA.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Finally, if you’d like to learn more about MACRA for small practices, I’ll be doing a detailed webinar on what we know about MACRA on July 13th at 1 PM ET (10 AM PT).

Applying Geospatial Analysis to Population Health

Posted on June 28, 2016 | Written By John Lynn

This post is sponsored by Samsung Business. All thoughts and opinions are my own.

Megan Williams wrote a very interesting piece called “Geospatial Analysis: The Next Era of Population Health” in which she highlighted Kaiser’s efforts to use geospatial analysis as part of their population health efforts. Here’s her description of their project:

This means using data to inform policy adjustments and create intervention programs that lead to meaningful change. One of the best examples of this lies with healthcare giant Kaiser Permanente. In April, they launched a database that gave researchers the ability to examine patient DNA and bump it against behavioral and environmental health factors. The goal of the project is to pull information from half a million patients and use it to build one of the most “diverse repositories of environmental, genetic and health data in the world,” which could then be used to inform research around conditions including diabetes and cancer and their relationships to issues including localized violence, pollution, access to quality food and other factors.

This type of effort from Kaiser is quite incredible and I believe will truly be part of the way we shift the cost curve on healthcare costs. One challenge to this effort is that Kaiser has a very different business model than the rest of the healthcare system. They’re in a unique position where their business benefits from these types of population health efforts. Plus, Kaiser is very geographically oriented.

While Kaiser’s business model is currently very different, one could argue that the rest of healthcare is moving towards the Kaiser model. The shift to value based care and accountable care organizations is going to require the same geospatial analysis that Kaiser is building out today. Plus, hospital consolidation is providing real geographic dominance that wasn’t previously available. Will these shifting reimbursement models motivate all of the healthcare systems to care about the 99% of time patients spend outside of our care? I think they will and large healthcare organizations won’t have any choice in the matter.

There are a number of publicly and privately available data stores that are going to help in the geospatial analysis of a population’s health, but I don’t believe that’s going to be enough. In order to discover the real golden insights into a population, we’re going to have to look at the crossroads of data stores (behavioral, environmental, genomic, etc) combined together with personal health data. Some of that personal health data will come from things like EHR software, but I believe that the most powerful geospatial personal health data is going to come from an individual’s cell phone.

This isn’t a hard vision to see. Most of us now carry around a cell phone that knows a lot more about our health than we realize. Plus, it has a GPS where all of those actions can be plotted geospatially. Combine this personally collected health data with these large data stores and we’re likely to get a dramatically different understanding of your health.

While this is an exciting area of healthcare, I think we’d be wise to take a lesson from “big data” in healthcare. Far too many health systems spent millions of dollars building up these massive data warehouses of enterprise health data. Once they were built, they had no idea how to get value from them. Since then, we’ve seen a shift to “skinny data” as one vendor called it. Minimum viable data sets with specific action items tied to that data.

We should likely do the same with geospatial data and population health and focus on the minimum set of data that will provide actual results. We should start with the skinny data that delivers an improvement in health. Over time, those skinny data sets will combine into a population health platform that truly leverages big data in healthcare.

Where do you see geospatial data being used in healthcare? Where would you like to see it being used? What are the untapped opportunities that are waiting for us?

For more content like this, follow Samsung on Insights, Twitter, LinkedIn, YouTube and SlideShare.

Are You Ready for Stage 2 HIPAA Audits?

Posted on June 27, 2016 | Written By John Lynn

Many organizations probably didn’t even realize that OCR (HHS’ department in charge of HIPAA) had put in place HIPAA audits since the pilot program only audited 115 covered entities. That’s likely to change for a lot more healthcare organizations (including business associates) as Stage 2 HIPAA Audits are rolled out. Is your organization ready for a HIPAA Audit?

After spending about 2 months scouring the Stage 2 HIPAA Audit protocol, HIPAA One put together a great comparison of the simplicity of stage 1 HIPAA audits versus stage 2 HIPAA audits:

What it was – Phase 1 of the OCR’s Privacy, Security and Breach Notification Audit Program:
  1. HITECH added Breach Notification to HIPAA and endorsed the OCR’s Audit Program.
  2. Contained 169 total protocols.
  3. Pilot program included 115 covered entities.
What it is now – the HIPAA Audit Program-Phase 2:
  1. OCR is implementing Phase 2 to include both CEs and business associates (every covered entity and business associate is eligible for an audit)
  2. Provides an opportunity for the OCR to identify best practices, risks and issues before they result in bigger problems (e.g. resulting in a breach) through the expanded random audit program.
  3. 180 Enhanced protocols (groups of instructions) which contain the following updates:
    1. Privacy – 708 updates (individual lines of instructions)
      1. Most notable changes are more policies and procedures surrounding the HIPAA Privacy Officer as well as some changes for Health Plans and Business Associates.
    2. Security – 880 updates (individual lines of instructions)
      1. Most notable changes are that Health Plans must have assurances from their plan sponsors and all companies now have to get proof of HIPAA compliance from their business associates, vendors and subcontractors.

That’s a lot of changes that are going to impact a lot of organizations. How many organizations have spent the time seeing which of these changes are going to impact their organization? I’m sure the answer to that is not many since “ignorance is bliss” is the mantra of many healthcare organizations when it comes to HIPAA compliance.

Particularly interesting is that HIPAA One points out that many of the checklists, books, commercial compliance software, and even ONC’s own SRA tool are likely outdated for these new changes to the HIPAA audit protocol. They’re probably right, so make sure whatever tool you’re using to do a HIPAA SRA takes into account the new HIPAA audit protocol.

Just so we’re clear, there actually hasn’t been a change to the HIPAA Omnibus update in 2013. However, the HIPAA audit protocol clarifies how the HIPAA law will be interpreted during an audit. That means that many of the gray areas in the law have been clarified through the audit protocol.

In HIPAA One’s blog post, they outline some important next steps for healthcare organizations. I won’t replicate it here, but go and check it out if you’re a HIPAA compliance officer for your organization or forward it to your HIPAA compliance officer if you’re not. The first suggestion is a really key one since you want to make sure you’re getting your HIPAA audit emails from OCR.

It’s taken HHS and OCR a while to roll out the full HIPAA audit program. However, it’s fully functioning now and I expect 2016 will be a real wake-up call for many organizations that aren’t prepared for a HIPAA audit. Plus, many others will be woken up when their friends fail their HIPAA audit.

Is your organization ready for a HIPAA audit?

Full Disclosure: HIPAA One is an advertiser on Healthcare Scene.