Following the March 2015 Anthem breach, many headlines have made the news as lawsuits were brought in support of those citizens whose ePHI was affected. Not to be overlooked is today's "largest OCR settlement to date" of $16 million; the previous high was $5.55 million, paid in 2016. Aside from the data breach, OCR determined that "... Anthem failed to conduct an enterprise-wide risk analysis, had insufficient procedures to regularly review information system activity, failed to identify and respond to suspected or known security incidents, and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI..."
More information can be found on the OCR website.
If you think HIPAA compliance is expensive, consider the cost of non-compliance, and recall that the OCR is just one source of revenue loss. Give us a call if your HIPAA Security program isn't ready to withstand an OCR audit.