In a February 24, 2014 notice published in the Federal Register, the Department of Health and Human Services announced a pre-audit survey of HIPAA covered entities and business associates. The information collected will involve a survey of up to 1,200 covered entities and business associates to determine suitability for an Office of Civil Rights (OCR) HIPAA audit program. The survey will collect information related to the size, complexity, number of patient visits, revenue, and business locations of health care providers. This second round of HIPAA audits, a follow up to the pilot audit program that OCR established in 2012, is based upon the mandate that OCR conduct periodic audits to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules
For those covered entities and business associates that have been less than diligent in satisfying their HIPAA compliance requirements, this notice is but another reminder that OCR continues to step up its proactive enforcement efforts to identify, and take action against, non-compliant entities.