It’s been a long time coming. Now it’s here. The Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently placed a notice in the Federal Register that it intends to survey up to 1,200 covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates to “determine their suitability for the Office for Civil Rights HIPAA Audit Program.”
In the notice OCR reveals it intends to collect information including “among other things …. the number of patient visits or insured lives, use of electronic information, revenue, and business locations” to gauge the CE/BAA’s “size, complexity and fitness” for future more probing audits. The comment period the Information Collection Request (“ICR”) ends on April 25, 2014 and comments may be submitted to Information.CollectionClearance@HHS.gov.
The Health Information Technology for Economic and Clinical Health (“HITECH”) Act mandates that OCR “provide for periodic audits to ensure that covered entities and business associates” are in compliance with the HITECH Act and its implementing regulations. Previous HHS audits have been fairly minimal, mostly notably a 2012 audit that involved 115 covered entities. The 2012 audit revealed compliance with the HIPAA Security Rule was sadly not up to snuff, with nearly 66% of those audited failing to have a full and accurate risk assessment on hand and widespread ignorance of specific HIPAA Privacy Rule requirements.
Are you in HIPAA/HITECH compliance? Now’s the time to answer that question. Before OCR comes knocking… To discuss your HIPAA/HITECH programs, procedures and compliance efforts feel free to give us a call at 203 307-2665 or email at info@SmartEdgeLawGroup.com.