Earlier this week, the Office of Inspector General (OIG) of HHS released a report on HIPAA privacy compliance audits. The study reviewed a sample of privacy cases that were investigated between September 2009 and March 2011. What they found was that 54% of entities sampled were out of compliance and that not enough was being done to investigate noncompliance before a complaint was made. As a result, the study concluded that the Office for Civil Rights (OCR) should: (1) fully implement a permanent audit program; (2) maintain complete documentation of corrective action; (3) develop an efficient method of its case-tracking system to search for and track covered entities; (4) develop a policy requiring OCR staff to check whether covered entities have been previously investigated; and (5) continue to expand outreach and education efforts to covered entities.
In an effort to combat these breaches, HHS announced that it will be launching “phase two” of its audits in early 2016. According to OCR, phase two will "test the efficacy of desk reviews of policies as well as on-site reviews; it will target common areas of noncompliance; and it will include HIPAA business associates. The scope and structure of the audit program long-term will ultimately depend upon the availability and allocation of resources for the program.”
NAHU has continuously promoted HIPAA compliance and, as NAHU members, you have access to resources that can help to keep you in compliance. You also have access to our Compliance Corner collection of webinars, including a webinar on HIPAA from earlier this year:
What Are the Steps to a HIPAA Risk Assessment?
Conducting a risk assessment is one of the most complicated and time-consuming processes in meeting HIPAA requirements. If you get help from a vendor, what is the first step in the process? What are the three areas you need to address in a risk assessment? Join David Smith, vice president of Ebenconcepts, for this 30-minute NAHU member-exclusive webinar covering the key steps to becoming HIPAA-compliant. Click here to view the PowerPoint.
As any new guidance becomes available, we will continue to update you.