Published on:

OCR Issues ICR on HIPAA Audit Program

The Office for Civil Rights (OCR) enforces the Health Insurance Portability and Accountability Act (HIPAA) and oversees health information privacy in the Department of Health and Human Services (HHS). On Tuesday, a notice was published in the Federal Register asking for input and comments on the OCR’s HIPAA Audit Review Survey. The Information Collection Request (ICR) collected in this online survey looks at 115 Covered Entities (health plans, clearinghouses and providers) that were audited in 2012 by OCR.

The survey looks to collect information on just how effective these audits are and solicits opinions on the audit process itself. As part of that review, the online survey will be used to:

• Measure the effect of the HIPAA Audit program on covered entities • Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the audit-report findings and recommendations • Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests • Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations • Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program
The information, opinions, and comments collected using the online survey will be used to produce recommendations for improving the HIPAA Audit program. In addition to seeking feedback on the planned survey, the Federal Register Notice asks for public comment on the estimated burden of the proposed survey. Read the published notice here for more details and for details on how to respond and comment. The comment period closes 60 days from the March 19, 2013 registration date.

Learn more about HIPAA audit process and compliance for covered entities on the HHS website. You can also learn more by visiting the OCR’s HIPAA Audit Protocol program information section.

If you are a HIPAA covered entity or business associate and need assistance with complying with the HIPAA Privacy and Security Rules, please contact one of Wachler & Associates’ experienced health law attorneys.