HIPAA Audits Are Coming – Are you ready?

After the 2013 HIPAA Omnibus rules went into effect, there was a delay as the Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) brought their auditing program in line with the new requirements. Based on last month’s announcement in the Federal Register, it seems like they are about ready to start auditing organizations again.

I suppose most healthcare covered entities and business associates don’t read the Federal Register regularly, so here are the pertinent details. OCR is planning an information collection (survey) effort, targeting 1,200 covered entities (typically health plans, health care clearinghouses, and health care providers) as well as business associates. The announced goal of the survey is:

to determine suitability for the Office for Civil Rights (OCR) HIPAA Audit Program. The survey will gather information about respondents to enable OCR to assess the size, complexity, and fitness of a respondent for an audit. Information collected includes, among other things, recent data about the number of patient visits or insured lives, use of electronic information, revenue, and business locations

The impact of this is clear. The HHS is required to perform periodic audits as part of the HITECH and subsequent HIPAA Omnibus changes announced last year. This survey is the first step in preparing to perform audits. HHS wants to understand if the organizations it is targeting are even ready for an audit. Based on the words being used to describe it, this HHS survey seems like a pre-audit exercise.

The surveys will not come until at least after the call for comments ends on April 25, 2014, so you have a limited amount of time to prepare for the survey.

Don’t be unprepared!
Our fixed-price information protection assessment can let you know exactly where you’ll stand regarding in advance of the HIPAA pre-audit, or an eventual HIPAA audit. Now would be a great time to contact us to learn more.