Audits for Compliance with HIPAA Privacy and Security Requirements Are on the Way - Are You Ready?


With the government gearing up for its HIPAA compliance audits, it’s a good time for covered entities and their business associates to do a HIPAA compliance checkup. The Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”) required the government to develop a plan to audit covered entities and their business associates for HIPAA compliance. The Office of Civil Rights (“OCR”), the governmental agency charged with HIPAA enforcement, is in the final stages of implementing this audit program and has hired KPMG to perform the audits. These audits are expected to commence in the next few months, and KPMG is to complete audits of 150 organizations by December 31, 2012. The audits are initially expected to focus on covered entities.

Each audit will include a site visit expected to span 2 to 5 days, depending on the complexity of the organization. The visit will consist of interviews with leadership and key personnel (e.g., Privacy Officer, CIO, medical records department director), an inspection of operations with respect to privacy and security, and an assessment of compliance with HIPAA privacy and security regulations and the organization’s HIPAA policies. At the conclusion of the audit, the audited organization will receive a final report describing the audit findings, with an emphasis on deficiencies and noncompliance, and will be provided an opportunity to implement corrective actions. It is important to note that the government may initiate enforcement actions based on the audit findings; however, corrective actions may reduce or eliminate potential civil monetary penalties.

With these HIPAA compliance audits on the horizon and the OCR’s heightened efforts toward HIPAA enforcement, it is important that covered entities and business associates take proactive steps towards compliance. To prepare for these audits, we recommend taking the following steps to better position yourselves to demonstrate your HIPAA compliance to the government...


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thompson Coburn LLP | Attorney Advertising
