In 2015 and 2016, the number of confirmed violations doubled in comparison to the number confirmed in 2014. Approximately half of those in 2015 were found in November and December alone, following a directive from the Office of the Inspector General (OIG) to begin actively enforcing HIPAA policies.

Enforcement of HIPAA regulations is bringing more of the organizations it governs under scrutiny in light of recent breaches. HIPAA is being enforced regardless of the size of your practice or your history of breaches, and there are steps that must be taken to protect you from fines of up to $6 million.

Cost of Non-Compliance is High

In 2016, an insurance holding company entered into a $3.5 million settlement after it experienced multiple breaches. The Office of Civil Rights (OCR) found the company had failed to conduct a risk assessment and implement security safeguards. HIPAA security risk assessments are important and many providers haven't performed one simply because they don't know where to start - or because they think they can't afford it.

The average fine imposed by the OCR to date on a single organization for HIPAA violations is $1,070,585.

Fines range from as little as $100 to as much as $50,000 per category violation for the first offense, with maximum fines of up to $1.5 million per category violation per year. In addition to the fines imposed by the OCR, the cost of detecting the breach, notifying patients, further response efforts, and lost business can run from tens of thousands of dollars for small practices to hundreds of thousands or millions for large medical networks and hospitals. These fines and additional costs are unnecessary and easily avoided by implementing precautions, such as Compliance Clinic, to manage these agreements and assessments.

Regular HIPAA Audit Program Will Launch In 2017

The OCR will complete the Phase 2 audits already in progress in 2017 and launch its regular auditing program the same year. Through these efforts, small practices, many of which believe themselves beneath scrutiny, will be subject to desk audits and potentially more intrusive on-site audits, regardless of whether they have suffered a data breach in the past. These audits will review more than just Business Associate Agreements; however, Compliance Clinic will make desk audits run more smoothly by providing a single location where these agreements and the corresponding risk analyses are stored and accessed.

Risk Assessment Analysis Must Be Updated Annually

Under the HIPAA Security Rule, our Healthcare Partners are now obligated to ensure that their Business Associates are also complying with HIPAA regulations. Doing so requires a risk assessment, which must be updated annually, and a signed Business Associate Agreement.

Compliance Clinic takes away the guesswork by making the risk assessment as simple as sending your Business Associates an email. Through our easy-to-use cloud platform, you can invite each of your associates to register for a free Associate account, allowing them to complete a self-assessment and electronically sign a HIPAA-compliant Business Associate Agreement. Each year, your associates will receive an automated reminder to update their assessment and sign a new Agreement. These documents are retained for download by either the Healthcare Partner or the Business Associate in the event of an audit.

Are You Vulnerable?

In the event of an audit, will you pass with flying colors? If you don't have signed Business Associate Agreements and updated Risk Assessments, you may be forced to pay large fines for violating HIPAA security and/or privacy rules.

Subscribe to our monthly newsletter to learn more about how Compliance Clinic helps medical practices like yours with HIPAA compliance requirements.

Do I Need an Associate Agreement for Compliance Clinic?

While we are more than happy to complete a Business Associate Agreement using our online platform, it’s not necessary. We do not require access to any protected health information (PHI), one of the key indicators for determining who a business associate is.

Evaluate Risk

Evaluate the risk of new partnerships and business associates. Access documentation any time, from any device.

Prepare for Audits

Important documentation for HIPAA audits is included with a paid subscription - don't purchase a contract template, wait on your attorney, or pay expensive fines.

Simplify Workflow

By automating reminders to service providers, free up your staff to help grow your practice instead of working on compliance.

Annual Risk

Partner accounts invite their service providers to sign up for a free account and complete a risk survey. Surveys are completed online and retained for download by both parties in the event of an audit.

Service Provider Agreements

Compliance Clinic provides you with a HIPAA-compliant agreement which your Business Associates electronically sign. Automated reminders let them know it's time to renew the agreement.

Associate Pre-Screening

Invite potential Business Associates before services are provided so that you can assess the risks a new business relationship may introduce before potentially exposing protected health information.

Cloud Based Solutions

Compliance Clinic is cloud-based, with no additional software to install, and offers a hassle-free alternative to managing your service providers on your own networks. We give you the time to do what you do best.