According to the HIPAA Blog, OCR will be focusing its HIPAA compliance oversight on entities that have a long history of noncompliance.
“Entities that can demonstrate efforts to create and nurture a ‘culture of compliance’ will come out of audits looking good,” according to the blog. “Entities that violate HIPAA in ways that raise a high risk of data breaches (such as with mobile devices) will bear the brunt of OCR’s enforcement activities, which will definitely be stepped up after publication of the Omnibus Rule. And if you don’t have policies and procedures in place, you will pay penalties.”
The blog picked up the tip from BNA.