The Office for Civil Rights (OCR) was set to begin HIPAA audits of covered entities and business associates next month, but the Department of Health and Human Services (HHS) is still constructing a Web portal to help in the process, thus delaying the start, according to Linda Sanches, OCR senior adviser.

“We recently had an opportunity to update the technology we’re using, giving us capabilities that we just didn’t have access to before,” Sanches told HealthIT Security. “OCR has held off on the start of audits so we could implement this new technology. I’m ready to go, but our technology isn’t quite there yet.”

The audits will be looking at compliance with the HIPAA privacy and security rules. Sanches indicated that encryption is arguably the biggest issue, saying, “I can’t believe how many organizations lose unencrypted thumb drives [containing individuals’ health information] left and right.”

As for the actual start date, Sanches would only say “stay tuned.” She made her remarks as part of the recently concluded Healthcare Information and Management Systems Society conference in Boston.

To ensure your company’s compliance with all health information rules and regulations, please order a copy of Personnel Concepts’ HIPAA Compliance Program.