HIPAA audits: 800 covered entities and 400 business associates

Susan McAndrew, OCR deputy director for health information privacy, said in an interview with Information Security Media Group that the Office of Civil Rights (OCR) will resume its HIPAA compliance audit program. The audit program should resume in the coming months.

Hopefully in coming months you’ll see actual activity that will start up on the audit process

Covered Entities and Business Associates

McAndrew said that both HIPAA covered entities and business associates will be part of the audits. Approximately 800 covered entities and 400 business associates will by audited.

Up to 1,200 HIPAA covered entities, including health plans, healthcare clearinghouses and certain healthcare providers, and business associates, to determine suitability for the OCR HIPAA audit program.

Focus on Risk Assessments

OCR will focus the audits on whether or not an organization has conducted a timely and thorough HIPAA Risk Assessment.

Among the areas likely to be a focus of OCR examinations in 2014 is whether organizations have conducted a timely and thorough HIPAA security risk assessment, because that was a common weak spot found across the board in the pilot audit program as well as in previous breach investigations, McAndrew said

Omnibus Rule Changes

The audits will also focus on any organization’s adherence to the HIPAA Omnibus Rule which went into effect in 2013.

OCR is also “revising the protocol [for the next round of audits] to reflect changes brought by the HIPAA Omnibus Rule, which went into effect last year,” she said.

[framed_box bgColor=”#ffd390″]

Are you ready for the HIPAA audits?

(Click on the links below for more information)

Covered Entities

Business Associates

Now is the time to get ready for the
HIPAA permanent audit program!

Contact us if you have questions, concerns or need help with HIPAA compliance

[/framed_box]