Government bodies such as CMS and the HHS Office for Civil Rights (OCR) select practices for HIPAA compliance audits at random, but conduct those audits methodically. Fast Billing Solutions recommends that you prepare for an audit ahead of time. We can help by completing the risk analysis so that you do not face a penalty. Although the chance of a random government audit is quite low, privacy and security violations can still lead to fines or legal action.

Take a closer look at the odds below:

Situation                        Chances
Lottery win                      1 in 185,000,000
Shark attack                     1 in 11,000,000
Lightning strike                 1 in 700,000
Hole in one                      1 in 12,500
Random HIPAA audit               1 in 10,000
Random Meaningful Use (MU) audit 1 in 10
HIPAA breach-related audit       1 in ??


These audits focus on verifying compliance with the HIPAA Privacy Rule, the Security Rule and the Omnibus Rule. Penalties depend on the level of negligence and range from $100 to $50,000 per patient record or violation, with a maximum of $1.5 million per year for violations of the same provision. Criminal charges, which can carry jail time, are also possible.

Fines fall into two main categories: Willful Neglect and Reasonable Cause. A Willful Neglect fine ranges from $10,000 to $50,000 per incident, and the most serious cases can also bring criminal charges. A Reasonable Cause fine ranges from $100 to $50,000 per incident and carries no jail time.


HIPAA, enacted in 1996, required the Secretary of the US Department of Health and Human Services (HHS) to issue regulations protecting the privacy and security of certain health information. HHS published the HIPAA Privacy Rule and Security Rule to meet this requirement. The Privacy Rule establishes national standards for protecting certain health information. The Security Rule establishes security standards for protecting certain health information that is held or transferred in electronic form.

The Security Rule makes the Privacy Rule's protections operational by specifying the technical and non-technical safeguards that organizations called "covered entities" must put in place to secure individuals' electronic protected health information (e-PHI). Within HHS, the Office for Civil Rights (OCR) is responsible for enforcing the Privacy and Security Rules through voluntary compliance activities and civil money penalties.

Source: e-PHI and HIPAA Summary

Fast Billing Solutions Risk Analysis – The Process

Covered entities need to be ready for an OCR audit. To be ready, they need a thorough, documented Security Risk Assessment (SRA) covering the protection of e-PHI. Fast Billing Solutions takes this responsibility seriously and completes the security risk assessment in cooperation with the practice, within a time frame that depends on the practice's size.

Here are a few services that we offer:

  • Designating a privacy and security official for the practice
  • Protected Health Information (PHI) disposal logs
  • HIPAA employee training, included in our unlimited service offering
  • Disaster recovery plans
  • Module-based, complete risk assessment
  • Written policies and procedures
  • Security incident monitoring and incident reporting guidelines

An SRA must follow the Security Rule's requirements. Fast Billing Solutions therefore centers the SRA on the Rule's three core areas: administrative safeguards, physical safeguards, and technical safeguards.

If you are audited at any time, we recommend engaging a professional for assistance. Several online tools offer convenience, but they are risky shortcuts: what you need is not just "documentation" but good documentation. You can rely on our HIPAA Security Risk Analysis services, which are second to none.