HIPAA audits are coming: The time to prepare is now


Hospitals, physician practices, and other healthcare entities have long been subject to a variety of sometimes random audits. For example, IRS audits, payer audits by Medicare or private insurance companies, state Workers’ Compensation audits, federal Department of Labor audits can occur. To this list will shortly be added HIPAA audits. The United States Department of Health and Human Services (HHS) has announced that it has retained a contractor to begin doing random audits for HIPAA compliance in 2012. In June KPMG, LLP was awarded a $9.2 million contract to administer the audits. The audits are presently scheduled to commence prior to the end of 2011, with the first audit phase scheduled to end by December 31, 2012.

In addition to random audits, HIPAA compliance audits can be triggered by a breach involving the impermissible disclosure of Protected Health Information (PHI) that compromises the security or privacy of that information and which poses a significant risk of financial, reputational or other harm to the affected individual. HHS’s Office for Civil Rights (OCR) has ready access to information on breaches, due to provisions of the HITECH Act and related breach notification regulations requiring covered entities to report breaches no later than 60 days after discovery of a breach involving PHI of at least 500 individuals, and annually in the case of a breach involving fewer than 500 individuals.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© International Lawyers Network | Attorney Advertising

Written by:


International Lawyers Network on:

JD Supra Readers' Choice 2016 Awards
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.