Health IT Pulse

Nov 10 2011   12:46PM GMT

OCR to begin random audits for HIPAA compliance

AnneSteciw

Tags:
HIPAA audits
HIPAA Privacy Rule
HIPAA violations
Office for Civil Rights

Until recently, a health care organization’s HIPAA compliance was put to the test only when a patient specifically filed a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). But the HITECH Act has effected some changes in HIPAA compliance. The biggest change is the toughening up of data breach notification laws. Another big change is that HHS is required to conduct periodic audits of providers and business associates to ensure the organizations are HIPAA compliant.

OCR contracted with KPMG, LLP to develop the protocol for these HIPAA audits and to conduct 150 of them by December 31, 2012. Well, the hour is nigh: The first 20 audits — part of a pilot audit program to test the audit protocols — are slated to begin this month. OCR will select the entities to be audited, choosing a wide range of organization types and sizes.

Health care law expert David Harlow wonders if the HIPAA audits really matter, pointing out that the requirement for providers to publicly report data breaches affecting 500 or more individuals has not, it seems, motivated a change in behavior.

And OCR is not exactly baring its teeth with these audits. According to the information posted about the HIPAA audit program on the HHS website, “Audits are primarily a compliance improvement activity. OCR will review the final reports, including the findings and actions taken by the audited entity to address findings.”

But the penalties can indeed be stiff for not meeting HIPAA compliance — especially if the organization fails to comply with an OCR investigation.

Penalties and audits aside, covered entities and business associates should be complying with HIPAA privacy and security rules simply as a matter of good business. After all, it’s the patient who could potentially suffer the most.

8  Comments on this Post

 
  • #OCR to begin random audits for #HIPAA compliance http://t.co/E5EqHgSO #EHR #HealthIT #HITsm
  • Get ready for #HIPAA audits. http://t.co/KIqKqbbY
  • Interesting... RT @DonFluckinger Get ready for #HIPAA audits. http://t.co/8muS2DFu
  • #OCR to begin random #HIPAA audit process, but will it matter? http://t.co/4BLuO3zV #healthIT #datasecurity #hitpol
  • OCR to begin random audits for HIPAA compliance http://t.co/zI1xkok1
  • #OCR to begin random audits for #HIPAA compliance http://t.co/E5EqHgSO #HealthIT #HITsm #HITpol #EHR
  • #MU next ?! RT @HITExchange: #OCR to begin random audits for #HIPAA compliance http://t.co/2Kfc8tjE #HealthIT #HITsm #HITpol #EHR #ONC
  • [...] of this stems from an increasingly aggressive regulatory approach, as exemplified by the Office for Civil Rights’ forthcoming random HIPAA compliance audits and calls from Sen. Al Franken (D-Minn.) for even tougher health data breach penalties. Part of [...]
