The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced that it is initiating compliance audits beginning this month under the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act provisions. An audit program was mandated by the American Recovery and Reinvestment Act of 2009.
Initially, 20 audits are planned to test audit protocols, with as many as 150 audits to be conducted by the end of December 2012. According to the OCR, all covered entities and business associates ultimately will be eligible to be audited. Entities selected for audit will be notified by mail and asked to submit documentation of compliance efforts in advance of an onsite visit. The audit is expected to take 3 to 10 days depending on the size of the audit.
Proactive covered entities and business associates should consider conducting a new or repeat internal audit to assess their vulnerability to HIPAA violations.
If you are being audited by the OCR or are considering proactively conducting your own internal audit or risk assessment relating to the privacy, confidentiality, and security of protected health information or any other compliance issues, please call so we can assist you with these important issues.