This week at the Healthcare Information and Management Systems Society (“HIMSS”) Conference, Susan McAndrew, the Deputy Director for Information Privacy at the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”), announced that OCR is planning to resume its HIPAA compliance audit program in 2014.  As a first step, OCR will soon launch a survey of 1,200 organizations – 800 Covered Entities and 400 Business Associates – in order to select audit targets.  Organizations were selected to receive the OCR survey from a large database, and the survey itself will seek to determine whether each entity is an appropriate audit candidate by, for instance, verifying whether the organization is still in business.  Not all surveyed entities will wind up being audited.

Ms. McAndrew’s announcement coincided with a notice in the February 24 Federal Register, which explains that OCR is planning an Information Collection Request (“ICR”) to “gather information about respondents to enable OCR to assess the size, complexity, and fitness of a respondent for an audit” including “recent data about the number of patient visits or insured lives, use of electronic information, revenue, and business locations.”  Interested parties who wish to submit comments regarding this ICR must do so by April 25, 2014.  

This HIPAA compliance audit program is a continuation of a pilot program launched in 2012, through which OCR audited 115 Covered Entities for HIPAA compliance.  KPMG served as the contractor for the pilot program, but at this time, OCR does not plan to utilize a contractor for the upcoming round of audits.

Both Covered Entities and Business Associates are advised to use the next several months in advance of the audit program’s resumption to submit comments regarding the ICR if interested, to review their HIPAA compliance programs, and to address any potential HIPAA compliance gaps.

Posted by Leah Roffman

One Comment

  1. […] Meites also provided an update on HHS’s HIPAA audit program.  Earlier this year, HHS announced that it plans to continue its audit program initially piloted in 2012 by surveying 1,200 entities in order to identify audit targets.  Mr. […]

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s