On February 24, 2014, the Department of Health and Human Services’ (HHS) Office for Civil Rights (“OCR”) announced in the Federal Register that it plans to survey up to 1,200 organizations to identify candidates for audits under the Health Insurance Portability and Accountability Act (HIPAA) Audit Program. In accordance with the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, OCR is required to schedule periodic audits to ensure that covered entities and business associates are in compliance with HIPAA Privacy, Security, and Breach Notification Rules.
According to the notice, the survey will assess covered entities and business associates’ “suitability” (e.g., size, complexity and fitness) for an audit by collecting information from these respondents such as “number of patient visits or insured lives, use of electronic information, revenue, and business locations.” Although the total number of entities to be audited in 2014 is unclear, HHS expects that expanding the audit program to up to 1,200 organizations will provide a more accurate depiction of covered entities and business associates’ compliance with HIPAA. HHS will be accepting comments regarding this pre-audit survey until April 25, 2014.
Since the inception of the HIPAA Privacy and Security Rules in 1996, Wachler & Associates has counseled providers and other covered entities of all sizes in HIPAA compliance. In order to attain compliance, providers should update security policies and procedures, business associate agreements, privacy policies and procedures, and HIPAA privacy notices. In addition, all employees should receive ongoing training in HIPAA compliance. If your entity does not already have these procedures in place, Wachler & Associates can help you implement these important compliance measures. If you have any questions or require assistance developing and implementing a HIPAA compliance plan for your organization, please contact an experienced healthcare attorney at 248-544-0888 or at firstname.lastname@example.org.