April Compliance Newsletter

April Compliance Newsletter

by Posted on: April 4, 2016Categories: HR & Compliance   

HHS has announced a second phase of its HIPAA Audit Program.

HIPAA established national standards for the privacy and security of protected health information (PHI) and the Health Information Technology for Economic and Clinical Health (HITECH) Act established breach notification requirements to provide greater transparency for individuals whose personal information may be at risk.  The Health and Human Service Office of Civil Right (OCR) became responsible for enforcing the HIPAA Rules.  A pilot program was released in 2011 and 2012 and through that pilot program the OCR developed an audit protocol and identified some overall findings and observations.

The Department of Health and Human Services (HHS) has announced that it has launched the second phase of its HIPPA audit program.  This will focus on the compliance points for HIPAA’s privacy, security and Breach notification rules. The OCR has a procedure they will follow in order to complete this phase:

  • Emails have already been sent to verify contact information
  • OCR will then send a pre-audit questionnaire
  • Selections will be made from those for actual audits
  • Both covered entities and business associated may be selected for the audits
  • If HIPAA audits reveal a serious compliance issue, HHS may initiate a compliance review

If selected, entities will be asked to provide information regarding HIPAA compliance, and they will have 10 business days to submit the requested information.  After this the OCR develops its draft findings, and the company then has 10 business days to review and respond to the findings.

If you are contacted regarding this audit and have any questions please reach out to us.  We can help you navigate the audit.  The OCR has stated that it will post an updated audit protocol on its website, once available this can be a guide for you.


Click here to read the full legislative brief! 





connect with us