
OCR to begin random audits for HIPAA compliance

Until recently, a health care organization’s HIPAA compliance was put to the test only when a patient specifically filed a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). But the HITECH Act has effected some changes in HIPAA compliance. The biggest change is the toughening up of data breach notification laws. Another big change is that HHS is required to conduct periodic audits of providers and business associates to ensure the organizations are HIPAA compliant.

OCR contracted with KPMG, LLP to develop the protocol for these HIPAA audits and to conduct 150 of them by December 31, 2012. Well, the hour is nigh: The first 20 audits — part of a pilot audit program to test the audit protocols — are slated to begin this month. OCR will select the entities to be audited, choosing a wide range of organization types and sizes.

Health care law expert David Harlow wonders if the HIPAA audits really matter, pointing out that the requirement for providers to publicly report data breaches affecting 500 or more individuals has not, it seems, motivated a change in behavior.

And OCR is not exactly baring its teeth with these audits. According to the information posted about the HIPAA audit program on the HHS website, “Audits are primarily a compliance improvement activity. OCR will review the final reports, including the findings and actions taken by the audited entity to address findings.”

But the penalties can indeed be stiff for not meeting HIPAA compliance — especially if the organization fails to comply with an OCR investigation.

Penalties and audits aside, covered entities and business associates should be complying with HIPAA privacy and security rules simply as a matter of good business. After all, it’s the patient who could potentially suffer the most.
