Tag Archives: HIPAA audits

HHS Publishes Roadmap for HIPAA Audits

One of the less well-known provisions of the Health Information Technology for Economic and Clinical Health (or “HITECH”) Act[1] is the requirement that the U.S. Department of Health and Human Services (“HHS”) periodically conduct audits to ensure that Covered Entities[2] and their Business Associates[3] are complying with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).[4] In November 2011, the HHS Office for Civil Rights (“OCR”) launched the pilot phase of its HIPAA compliance audit program (“Audit Program”), selecting 115 entities nationwide to undergo privacy and security audits. While the pilot phase is not scheduled to wind up until December 2012, OCR recently made the protocol[5] guiding these compliance audits publicly available. By identifying individual areas of evaluation, defining the applicable performance criteria, and specifying how auditors will assess compliance with each, the protocol provides a comprehensive and extremely useful roadmap for entities anticipating an OCR audit and all other entities seeking to ensure HIPAA compliance. All Covered Entities and Business Associates should take note, as OCR recently announced that the Audit Program will likely continue through 2014.

Read full article

Healthcare Alert: Recent developments concerning HIPAA audits and penalties for non-compliance

The United States Department of Health and Human Services Office for Civil Rights (OCR) has recently announced that the first 20 HIPAA audit letters have been sent to covered entities. The audit program will involve up to 150 covered entities by the end of 2012.

Of the first 20 audit letters, 10 involve healthcare providers, including at least three physicians or physician groups, as well as a laboratory, a pharmacy and other providers. Upon receipt of the audit letter, the covered entity has only 10 days to provide the requested information. 

Read full article

HIPAA audits are coming: The time to prepare is now

Hospitals, physician practices, and other healthcare entities have long been subject to a variety of sometimes random audits. For example, IRS audits, payer audits by Medicare or private insurance companies, state Workers’ Compensation audits, federal Department of Labor audits can occur. To this list will shortly be added HIPAA audits. The United States Department of Health and Human Services (HHS) has announced that it has retained a contractor to begin doing random audits for HIPAA compliance in 2012. In June KPMG, LLP was awarded a $9.2 million contract to administer the audits. The audits are presently scheduled to commence prior to the end of 2011, with the first audit phase scheduled to end by December 31, 2012.

Read full article

Rachel Yaffe was featured in "HIPAA Audits Are Coming: Are You Prepared?," published by RBMA

Rachel Yaffe was featured in “HIPAA Audits Are Coming: Are You Prepared?,” published by RBMA

HIPAA Audits Are Coming: Are You Prepared?
By: Rachel Yaffe

In recent months, the Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) have revved up their efforts in enforcing the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act) through plans to conduct audits of covered entities (health care providers, health plans and health care clearinghouses) and business associates (persons or entities that perform certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, covered entities).

Read full article