The Office for Civil Rights ("OCR") of the Department of Health and Human Services has announced an audit initiative under which it intends to conduct audits of up to 150 covered entities to review compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The audit will focus on the HIPAA privacy and security requirements. The OCR will select a broad range of entities, including health plans and health care providers of all sizes. HIPAA audits begin immediately.
Group health plan sponsors and health care providers should carefully review their HIPAA compliance programs. Keep in mind that HIPAA mandates training of individuals who have access to protected health information. Failure to train (and to properly document training) could result in significant liability.
Please see full publication below for more information.