HHS Continues Privacy and Security Audits to Ensure HIPAA Compliance
Last year the Department of the Health and Human Services (HHS) launched phase two of the privacy and security health-care audits, the continuation of a pilot program which was initially launched in 2011 to ensure health-care organizations and their contractors are complying with HIPAA privacy and security rules. While the first two phases of these programs were educational, future rounds of auditing may move to enforce compliance.
Bloomberg recently published a piece on the subject with advice from the Office of Civil Rights (OCR) surrounding how to prepare. Currently, the second round of audits is still underway, with approximately 200 audits in progress.
This audit covers not only providers, but also business associates or a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.
One of the reasons for the audits is the increase of cybercrime, and according to the HHS OCR, it is important that all providers conduct regular self-audits to ensure HIPAA compliance. While these continued audits have an educational focus, if a problem is spotted action will be taken to enforce compliance.