By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    magnesium water can be good for your health but you can't have too much
    Is Drinking Magnesium Water Good for Your Health?
    October 17, 2023
    common misconseptions about brain injuries
    4 Common Myths and Misunderstandings About Brain Injuries
    February 5, 2023
    get a career in medical device sales
    What Are the Benefits of Attending Medical Sales College?
    April 10, 2023
    Latest News
    How Probate Planning Shapes the Future of Your Estate and Family Care
    July 17, 2025
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
    The Wide-Ranging Benefits of Magnesium Supplements
    June 11, 2025
    The Best Home Remedies for Migraines
    June 5, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Elective Coronary Stenting: A Case in Context
    August 3, 2011
    PSA screening: Does It or Doesn’t It?
    March 16, 2012
    Rick Perry Needs To Make Up His Mind
    September 19, 2011
    Latest News
    How IT and Marketing Teams Can Collaborate to Protect Patient Trust
    July 17, 2025
    How Health Choices and Legal Actions Intersect After an Injury
    July 17, 2025
    How communities and healthcare providers can address slip and fall injuries with legal awareness
    July 17, 2025
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: OCR Just Finalized its Audit Protocols – Are You Feeling Confident About Your HIPAA Compliance?
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Business > OCR Just Finalized its Audit Protocols – Are You Feeling Confident About Your HIPAA Compliance?
BusinessPolicy & Law

OCR Just Finalized its Audit Protocols – Are You Feeling Confident About Your HIPAA Compliance?

Dan Stempel
Dan Stempel
Share
5 Min Read
HIPAA-Compliance.png
SHARE

HIPAA-Compliance.png

Contents
There’s No Reason for Panic — Just PreparationPossibility for Consequences?

A friendly reminder that, with the recent HHS Office of Civil Rights announcement, covered entities may soon be facing some unwelcome audits. Now’s the time to review compliance.

HIPAA-Compliance.png

A friendly reminder that, with the recent HHS Office of Civil Rights announcement, covered entities may soon be facing some unwelcome audits. Now’s the time to review compliance.

More Read

Biohazard incidents
Responding To Biohazard Incidents: Best Practices
The Popularity of In-Store Medical Clinics
Long-Term Care [INFOGRAPHIC]
Healthcare Breakthroughs: 3 Ways to Improve Your Chances of Fighting Obesity
Antibiotics for a Virus? How to Just Say “No”

HIPAA compliance can sometimes feel like changing the oil in your car: inarguably necessary, a serious problem when left unchecked, yet tedious enough that some are willing to let the task slide. The difference, of course, is that one is bad for your engine while the other is a federally mandated and legally enforceable standard.

Friendly reminder: the HHS Office of Civil Rights (OCR) recently announced the Phase II launch of its HIPAA audit program, part of the 2009 HITECH Act. And with their finalized Audit Protocol published on April 8th, all signs point to the OCR soon getting down to brass tacks.

This needn’t be cause for alarm. But if covered entities or their business associates haven’t recently ensured that their compliance is watertight — especially regarding the measurement of referral and appointment activity — there’s definitely no time like the present.

There’s No Reason for Panic — Just Preparation

Files.jpg

Audits are tentatively set to begin sometime in May, according to OCR official Devin McGraw via Politico, at which point randomly selected covered entities will receive an email announcing their fates (they recommend checking spam folders).

Business associates, who are also subject to individual audits, will be subject to audits in June or July. The agency plans to conduct roughly 200 remote desk audits, to be completed by December 2016, and anywhere from 10-25 “full scale” field audits thereafter, according to Healthcare Info Security. If you’re uncomfortable with the vagueness of this plan, you’re not alone.

The good news is that the majority of organizations will not be audited. However, if selected, entities will have a mere ten business days to prepare and submit all relevant documents via a secure online portal. Desk audits may (or may not) entail just a review of policies, or pertain to only one of the three HIPAA Rules: Privacy, Security, or Breach Notification. However, certain charmed organizations may, in fact, get to experience the unique joy of both desk and on-site audits.

Possibility for Consequences?

Officially, Phase II OCR audits are relatively benign, designed to “develop tools and guidance to assist the industry in compliance self-evaluation and in preventing breaches.” Nevertheless, they will open a formal investigation, should they find a “serious compliance issue,” however defined. And while OCR won’t publish the audit results (or even list which companies are audited), the whole process is subject to the Freedom of Information Act (FOIA), which means that journalists or other public agents can legally publish results. 

You may recall that 115 covered entities were audited in 2011 during Phase 1 of program, unearthing major compliance breaches; 89% were found to have compliance issues, and smaller organizations tended to struggle in multiple areas. 

Given the involvement of business associates — many of whom are not primarily dedicated to healthcare — one of the most difficult compliance aspects to cover will be Protected Health Information (PHI) and ePHI (electronic PHI). For instance, if your marketing agency measures referral and appointment activity, they’re likely in the domain of PHI and will need to be in solid compliance.

The bottom line is that if you haven’t implemented HIPAA privacy and security policies and procedures, recently conducted an inventory of relevant assets, or regularly completed risk assessments, then now is probably your last chance to do so before the audit process begins.

In the end, however, integrating a comprehensive HIPAA compliance program will keep you from running afoul of any regulatory standards that may come down the pipeline. The HHS is only conducting these audits in order to better enforce compliance standards in the future. So while you may or may not be audited this year, you and your digital marketing vendors must be prepared to stand up to scrutiny at any time.

Targeted Medical Marketing, Digital Marketing

(Image credit: Medill DC/flickr)

TAGGED:HIPAAHIPAA compliance
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
How IT and Marketing Teams Can Collaborate to Protect Patient Trust
Global Healthcare Policy & Law
July 17, 2025
paramedics in surgical gloves and masks
How Health Choices and Legal Actions Intersect After an Injury
Health care
July 16, 2025
a woman giving a key
How Probate Planning Shapes the Future of Your Estate and Family Care
Health
July 16, 2025
a woman with kinesio tapes on her back arm
How communities and healthcare providers can address slip and fall injuries with legal awareness
Health care
July 16, 2025

You Might also Like

Public Health

Elderly Women With Sleep Apnea at Higher Risk for Dementia

September 14, 2011
Medical EthicsNews

In the Firing of Joe Paterno or in Medical Malpractice – Hindsite is 20/20

November 14, 2011

Right Result, Wrong Reason: VA Boots Avastin For Wet AMD

September 28, 2011

Medical Schools Turn to Simulation

January 10, 2012
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?