Audits for Compliance with HIPAA Privacy and Security Requirements Are on the Way - Are You Ready?


With the government gearing up for its HIPAA compliance audits, it’s a good time for covered entities and their business associates to do a HIPAA compliance checkup. The Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”) required the government to develop a plan to audit covered entities and their business associates for HIPAA compliance. The Office of Civil Rights, the governmental agency charged with HIPAA enforcement, is in the final stages of implementing this audit program and has hired KPMG to perform the audits. These audits are expected to commence in the next few months, and KPMG is to complete audits of 150 organizations by December 31, 2012. The audits are initially expected to focus on covered entities.

Each audit will include a site visit expected to span 2 to 5 days, depending on the complexity of the organization. The visit will consist of interviews with leadership and key personnel (e.g., Privacy Officer, CIO, medical records department director), an inspection of operations with respect to privacy and security, and an assessment of compliance with HIPAA privacy and security regulations and the organization’s HIPAA policies. At the conclusion of the audit, the audited organization will receive a final report describing the audit findings, with an emphasis on deficiencies and noncompliance, and will be provided an opportunity to implement corrective actions. It is important to note that the government may initiate enforcement actions based on the audit findings; however, corrective actions may reduce or eliminate potential civil monetary penalties.

With these HIPAA compliance audits on the horizon and the OCR’s heightened efforts toward HIPAA enforcement, it is important that covered entities and business associates take proactive steps towards compliance. To prepare for these audits, we recommend taking the following steps to better position yourselves to demonstrate your HIPAA compliance to the government...


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thompson Coburn LLP | Attorney Advertising

Written by: Thompson Coburn LLP
