Keep your eyes peeled this autumn for a notification and data request from the HHS Office for Civil Rights (OCR). If you receive these communications, your practice is one of the selected entities that will face a more vigorous HIPAA audit.
OCR plans to audit 350 covered entities (CEs) and 50 business associates (BAs) during the first round of audits. For those who receive the notification and data request in Fall 2014, “the lucky recipients will be the first participants in the OCR’s effort to adopt a more aggressive approach to investigating compliance with HIPAA standards for privacy, security and breach notification,” wrote Tampa, FL-based Akerman LLP associate attorney A. Crosby Crane in a May 1 posting for the firm’s Health Law Rx Blog.
Why? The more aggressive approach stems from the December 2013 HHS Office of Inspector General (OIG) report that slammed the OCR for falling behind on HIPAA enforcement, Crane said. OCR has been making headway in implementing a permanent audit program, instead of relying on complaints as a way to assess compliance.