There are few things worse for a health care organization than a breach of PHI. One of them is being fined and/or monitored by HHS OCR after being breached. There are 5 categories of cases that OCR closes. Following a serious breach of PHI, we’ve worked with our clients and achieved Option D below. (One of our clients call us “Mr. Wolf” referring to Harvey Keitel’s famous character.)

OCR may decide not to investigate a case further if:
A. It is referred to the Department of Justice for prosecution.
B. It involved a natural disaster.
C. It was pursued, prosecuted, and resolved by state authorities.
D. The covered entity or business associate has taken steps to comply with the HIPAA Rules and OCR determines enforcement resources are better/more effectively deployed in other cases.

Our team is knowledgeable, experienced and fast. We have helped organizations respond to a wide range of breaches and stand up full HIPAA security and privacy programs in a matter of months, that resulted in Option D above.  Our experts also work with clients (from board level to technical and operations staff) to provide real breach response preparedness and resilience – not just “check-the-box” tabletop breach response exercises.  If you have an emergency, give us a call. If it’s less urgent, click the button below and we’ll follow up as soon as possible (within 1 business day).