Update: Risk Assessments Don't Cost $1M
Updated: May 30, 2019
...unless you haven't done one and unless your State AG office steps in. Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR), has agreed to pay $900,000 to settle a multi-state lawsuit, and has entered into a two-year corrective action plan (CAP), following a 2015 breach of 3.5M patients' worth of protected health information (PHI). As we've shared before, the OCR settlement is just one little part of the costs MIE will pay.
There really isn't anything new or original about this newest OCR CAP. The bottom line is that most organizations can conduct a thorough risk assessment, or hire a consultant to show them how, for pennies on the dollar compared with what a breach will cost. Contact us if you're unsure whether your last risk assessment would pass OCR standards. Which reminds us... we are becoming concerned at the number of companies offering "risk assessments" performed over the phone or via email. While an organization can be guided remotely by expert consultants, there is no shortcut to an accurate assessment of the risks to your PHI.
Stay (HIPAA) safe.