2011-2012 HIPAA Audits Have Begun: Are You Ready to Prove HIPAA Compliance?

November 10, 2011
90 Views

Back in August, I blogged about the upcoming 2011 HIPAA Violations and Audits, and news of the government’s $9.2 million contract with auditing firm KPMG. Now that the OCR has officially launched its HIPAA Audit Program, even more relevant information has been released:

Back in August, I blogged about the upcoming 2011 HIPAA Violations and Audits, and news of the government’s $9.2 million contract with auditing firm KPMG. Now that the OCR has officially launched its HIPAA Audit Program, even more relevant information has been released:

  • Who: Every covered entity and business associate is eligible (although the program site states that “Business Associates will be included in future audits,” suggesting they won’t be addressed in this audit). HHS.gov states that the OCR may consider covered individual and organizational providers of health services, health plans of sizes and functions, and healthcare clearinghouses may be considered as well.
  • What: OCR is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance.
  • Why: To satisfy the American Recovery and Reinvestment Act of 2009 (ARRA) Section 13411 of the HITECH Act and to check compliance with HIPAA Privacy and Security Rules and Breach Notification standards.
  • When: November 2011-December 2012.

Three Steps to the HIPAA Audit Process

  1. Staged in a three-step process, the first step was developing audit protocols.
  2. The second step will be the initial wave of audits in November 2011. This step will help shape how the rest of the audits will be conducted.
  3. Finally, the third step will be the full range of conducted audits.

How Will the Audit Program Work?

  1. Entities selected for an audit will be notified by the OCR and will have to provide documentation of privacy and security compliance efforts.
  2. Every audit requires a site visit and an audit report.
  3. Site visits will include interviews with key personnel and general observation of processes and operations to help determine compliance.
  4. After the site visit, auditors will give the entity a draft report showing how the audit was conducted, audit findings, and what actions the entity is taking in response to the findings.
  5. Before the report is finalized, the entity has a chance to discuss concerns and describe corrective actions taken to address those concerns.
  6. Final OCR report will include the steps the entity has taken to resolve compliance issues and describe the best practices of the entity.

Simplified Audit Schedule

2011-2012 HIPAA Audit Timeline

What is the OCR Planning to Get From These Audits?

The OCR will use the audit reports to determine what types of technical assistance needs to be developed and what types of correction action are most effective.

Need More HIPAA Guidance?

If you’re not sure your hosting solution is HIPAA compliant, or if your patient health information (PHI) is being secured in a HIPAA compliant data center, check out the Five Questions to Ask Your HIPAA Hosting Provider to get informed.

Looking for more information on the latest HIPAA ongoings? Check our HIPAA compliance blog category, HIPAA FAQ, or watch our recent HIPAA webinars to get educated on what you need to be HIPAA compliant.

You may be interested

Why Universal Healthcare is the Key to a Healthier and More Productive Society
Health care
344 views
Health care
344 views

Why Universal Healthcare is the Key to a Healthier and More Productive Society

Helen Heather - August 23, 2017

The United States remains the only country in the world without a universal healthcare system. Many critics have stated that…

Care On The Road: How Telemedicine Can Reach Truck Drivers
Mobile Health
17 views
Mobile Health
17 views

Care On The Road: How Telemedicine Can Reach Truck Drivers

Larry Alton - August 21, 2017

Telemedicine is considered a powerful tool for individuals living in rural areas, far from adequate services or in need of…

Where Is The Balance? Pushing Back Against Consumer Health Tech
eHealth
7 views
eHealth
7 views

Where Is The Balance? Pushing Back Against Consumer Health Tech

Larry Alton - August 18, 2017

When Republican Congressman Jason Chaffetz glibly remarked that Americans struggling to afford insurance should choose between that and their smartphones,…