If this past December were any indication, then the HIPAA Privacy Rule audits commencing this year could snare covered entities and their business associates big time. At the end of 2015, the Office for Civil Rights (OCR) issued some $5 million in fines for HIPAA violations to just three firms, one a small stand-alone pharmacy.

After an initial round of audits a few years back, which revealed┬áthat covered entities were largely ignoring the need for risk assessments of their procedures and processes, the OCR is returning to the field this year for another large-scale go at auditing firms with access to individuals’ protected health information (PHI).

Fines are capped at $1.5 million for repeated violations of a single HIPAA Privacy provision, but a firm could theoretically be found violating several provisions.

The OCR, a wing of the Department of Health and Human Services (HHS), is charged with enforcing provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

For the full story on how the Affordable Care Act (ACA, or Obamacare) affects your business, no matter how large or small, please obtain a copy of our comprehensive yet easy-to-follow Affordable Care Act Compliance Kit.