7 HIPAA Check-Up Questions to Screen for ‘Willful Neglect’
Our Process

Have you conducted and documented a current HIPAA Security Risk Analysis? Developing ‘best practice’ guidelines suggest that a HIPAA Security Risk Analysis should be conducted on an annual basis.
  1. Do you have written and updated HIPAA Privacy and Security policies in place? Due to changes mandated by the HIPAA/HITECH Act, your policies should likely have been reviewed, updated and implemented at some point after January 2013.
  2. Have you designated an individual who is knowledgeable and trained to function in the role of your HIPAA Privacy and Security Officials?
  3. Do you have a documented Risk Management program that meets the requirements of 45 CFR s.164.308(a)(1)(ii)(B) which is current and being properly maintained?
  4. Does your organization have a documented HIPAA education, awareness and training program in operation?
  5. Have you reviewed, revised and updated your Business Associate Agreements and conducted a reasonable inquiry as to your Business Associates’ HIPAA compliance status?
  6. Do you have a PHI Breach Response and Notification policy and process in place, and have you updated it to reflect changes made by the new HIPAA / HITECH rules?

If you answered ‘No’ to one or more of the above base level HIPAA compliance questions, you may be subject to a finding of “Willful Neglect” under the HIPAA/HITECH Omnibus Final Rule. A finding of ‘willful neglect’ removes almost all discretion and limits the opportunity for a meaningful dialogue to reach a fair resolution with the OCR (Office for Civil Rights) in the event of a breach or complaint investigation or audit.

The OCR is required to conduct an investigation whenever a preliminary review of the facts indicates a possible violation due to willful neglect. Further, the OCR must levy a mandatory minimum penalty whenever there is a finding of ‘willful neglect’. This would result in minimum mandatory fines starting at $10,000 per violation, which, if not corrected within 30 days, would increase to a mandatory $50,000 for each unresolved violation.

The Secure Choice for Your Business

In a world of shrinking IT budgets and increasing security threats, it’s essential for companies to get the most out of their security investments. With no long-term commitments or multi-year contracts required, our HIPAA Privacy and Security Compliance Services are budget friendly, high value services that are tailored to your specific requirements. Lower your cost of ownership and let your team focus on your business while our highly skilled certified experts ensure the safety of your data.


Healthcare Solutions

Start the Conversation
...with our Compliance Experts

Our belief is that every organization regardless of size deserves access to the same level of resources, innovation and technological expertise. For over 20 years, HBS has been supporting companies, schools, hospitals and government agencies of all sizes with all levels of need for technology improvements. Interested in learning more? Connect with HBS.

Are you ready to talk about your organization's technology? Call Heartland's Data and Application Experts or send us a message!


Enter security code:
 Security code