Imperial Valley Family Care Medical Group, APC has been a Compliancy Group customer since 2014. When they received a letter from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) about a potential HIPAA violation after a laptop was stolen, they knew they could rely on Compliancy Group’s Audit Response Program™ and HIPAA expertise to protect their organization. Compliancy Group was IVFCMG’s essential first step in passing their HIPAA audit–sparing them the potential of hundreds of thousands of dollars in financial penalties.
IVFCMG is a physician’s multi-specialty group with over 16 locations throughout California. IVFCMG provides a range of medical services, and, besides primary care providers in Internal Medicine and Family Practice, covers the specialties of Cardiology, Gastroenterology, Nephrology, Neurology, OB/GYN, Female Pelvic Medicine/Urology, Reconstructive Surgery, and Rheumatology.
Don Caudill is IVFCMG’s Chief Strategic Officer. He spoke with us about his experiences using The Guard to pass Imperial’s HIPAA audit.
“It really comes down to the comprehensive nature of OCR’s questions,” said Caudill. “We were able to respond directly to all points of their investigation thanks to Compliancy Group. Not a single audit request or report was left out.”
As a large medical group, IVFCMG has extensive resources they used to address the potential breach and mitigate the impact to patients. These resources include California DOI (Department of Insurance) reporting, cyber security/liability insurance, and health care attorneys, “but our first response was to turn to Compliancy Group’s Audit Response Program,” said Caudill. “Their experts provided us with a full report and documentation proving that our HIPAA compliance program satisfied the law–which ultimately helped us avoid hundreds of thousands of dollars in fines.”
Compliancy Group’s Audit Response Program™ identified exactly the procedures IVFCMG needed to complete its internal investigation and incident reporting. Caudill said that this “ultimately made a huge impact on our ability to respond to OCR. We knew everything we needed to report just by doing everything we needed to outline in The Guard.”
Compliancy Group’s Audit Response Program™ helps organizations like Imperial to complete their OCR reports. Access is fully included in the price of a subscription to The Guard. This service and the extensive reporting generated by Compliancy Group are extended to any client who experiences a breach and ensuing OCR investigations. We’re proud to say that not a single client has ever failed an audit thanks to the HIPAA expertise provided by our Audit Response Program™.
When it comes to OCR investigations, organizations are given strict timelines by which they must submit the necessary documentation and reports. This is an important part of the investigation that gives federal auditors the information they need to determine if the organization in question is compliant with the law and/or is going to be exposed to potential fines.
“One of the things I was most impressed with Compliancy Group was their responsiveness,” said Caudill. “These are serious deadlines we were being faced with, but Compliancy Group was there every step of the way. They handled the time frames to deal with OCR and gave us guidance about what actions to take.”
After the initial reports were submitted, Caudill tells us that OCR asked for additional information–investigating another potential area to fine.
“At the end of the day, not only did Compliancy Group take the lead on front-end reporting deadlines generated from The Guard, but in response to OCR’s additional requests, Bob Grant–Chief Compliance Officer of Compliancy Group–dropped everything to put together a 384 page report. That’s no small task when you’re responding to a HIPAA Breach.”
In the end, OCR couldn’t find a single reason to fine IVFCMG. The organization was spared from the reputational and financial damage that follows a HIPAA investigation like this, thanks to Compliancy Group’s dedicated breach support.
Compliancy Group is proud to say that we’ve helped clients across the country, just like IVFCMG, pass their HIPAA audits. Our team of HIPAA experts give health care providers and service providers alike everything they need to address the growing challenges of HIPAA compliance.
With HIPAA fines reaching into the tens of millions each year, you can’t afford to have an incomplete compliance program! Only a solution that addresses the full extent of the law can spare you from HIPAA audits and fines. Find out why Compliancy Group is the industry-leader in compliance today!