HIPAA Audits to Return With a Vengeance

Following issuance of the landmark HIPAA Omnibus Rule in 2013, the Office for Civil Rights (OCR) is now gearing up for another round of HIPAA privacy and security rule audits, targeting 1,200 firms — both covered entities and business associates.

Specifically, the audits will focus on 800 covered entities and 400 business associates, but the number represents "an oversupply," according to Susan McAndrew, OCR deputy director for health information privacy.

Yesterday, OCR published a notice in the Federal Register, explaining that it will survey "up to 1,200 covered entities, including health plans, healthcare clearinghouses and certain healthcare providers, and business associates, to determine suitability for the OCR HIPAA audit program."

In other words, the list of 1,200 could easily shrink in actual practice as company information is collected, including "recent data about the number of patient visits or insured lives, use of electronic information, revenue and business locations."

HIPAA stands for the Health Insurance Portability and Accountability Act. The privacy and security rules associated with HIPAA involve the collection, protection, storage, transmission and security of patients' protected health information, or PHI.

To better understand your company's responsibilities under HIPAA and its rules and regulations, please get a copy of our comprehensive HIPAA Compliance Program.

NOTE: The details in this blog are provided for informational purposes only. All answers are general in nature and do not constitute legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The author specifically disclaims any and all liability arising directly or indirectly from the reliance on or use of this blog.
You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

No Comments »

  • theresa defino says:

    I'm pretty sure that Sue never said the audit was going to involve 1,200 entities. As you noted, that's a universe of those who will be asked to complete a survey to create a pool of auditees.


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Comments (required)*