Healthcare practices have had twenty years to adjust to HIPAA requirements. Although HIPAA is far from new, patient health information (PHI) theft has increased in intensity over the last several years, leaving many people understandably unsure whether their personal information is safe. To combat emerging threats and encourage greater compliance, HIPAA announced a new policy of random audits in 2016, many of which will target dental practices. The Office for Civil Rights (OCR) in the Department of Health and Human Services will begin performing both random desk audits and on-site audits. The desk audits will consist of asking entities to submit their security policies and procedures for review, while the in-person audits will be conducted by a member of the OCR. The HIPAA compliance audits will take place on site at both healthcare practices and “business associates,” including data hosting companies that house the patient information. The audits will focus on noncompliance in particular areas, such as consistent use – or lack thereof – of mandated encryption technology.

As random audits begin, healthcare practices must evaluate their vulnerabilities to avoid fines ranging from $100 to $50,000 per violation, with a maximum penalty of $1.5 million per year! Depending on the state, a HIPAA violator could moreover be subject to criminal prosecution and penalties or exclusion from Federal healthcare programs. In light of the uncertainty surrounding evolving HIPAA policies and procedures and the increase in rates of PHI theft, many practices have sought outside assistance to help ease the process and assure readiness for random audits.

For less than $7/day, PCIHIPAA makes it simple and affordable to protect your practice and maintain HIPAA compliance. If you would like more information about PCIHIPAA’s OfficeSafe solution please visit or call us at 800-588-0254.