Health Law Alert: Corrective Action Plans Can Mean Significant Compliance Monitoring Requirements


In the wake of HHS’s contract with KPMG to perform 150 HIPAA compliance audits in 2011 and 2012, it is clear that the government is moving into a phase of active and aggressive enforcement, which will mean an uptick in the number and types of providers that face HHS OCR investigations and possible penalties. Providers concerned about these investigations should develop a better understanding of the tools that HHS Office of Civil Rights (OCR) has used to resolve major noncompliance with the Privacy and Security Rules: Resolution Agreements and Corrective Action Plans (CAPs). Increasingly, providers who are found to have violated the requirements of HIPAA are asked to sign a Corrective Action Plan, obligating themselves to reporting and monitoring responsibilities that more resemble a Corporate Integrity Agreement (CIA) than a simple settlement agreement.

In 2004 (the first full year for which HHS OCR has published data) 4,799 incidents resulted in 1,393 HHS OCR investigations. Of those investigations, only 74 percent (1,033) resulted in some sort of corrective action. Typically, the corrective action was as simple as a revision of policies, or a commitment to better monitor or account for a particular risk. By 2010, the number of total incidents had nearly doubled to 9,158, spawning 4,229 investigations and 2,703 corrective actions. In 2008, HHS OCR added Resolution Agreements and CAPs to its toolkit. One agreement was entered into in 2008, one in 2009, two in 2010, and as of this writing, two agreements have been published for the first half of 2011, along with the first-ever imposition of a civil money penalty.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Baker Donelson | Attorney Advertising

Written by:


Baker Donelson on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.