July 14, 2020

Volume X, Number 196

July 13, 2020

Subscribe to Latest Legal News and Analysis

Another Round of HIPAA Audits - Health Insurance Portability and Accountability Act

The Office for Civil Rights (OCR) recently announced that it will be sending surveys to approximately 1,200 organizations in preparation for conducting HIPAA audits. The HIPAA audits are mandated by the HITECH Act.

According to the OCR, the surveys will be sent to about 800 covered entities and 400 business associates to obtain information to confirm whether the organizations are appropriate for an audit. The survey will request information such as number of patients served, revenue, and locations. This will be the first time that the OCR has audited business associates. In 2012, the OCR conducted a pilot audit program of 115 covered entitles. The OCR hired a contractor to perform the audits. The OCR is indicating that it will conduct the upcoming audits with its own staff. According to the OCR, about two thirds of covered entities audited in 2012 failed to conduct appropriate security risk assessments.

It is anticipated that the new round of audits will include review of compliance with the security risk assessment as well as encryption.

© 2020 BARNES & THORNBURG LLPNational Law Review, Volume IV, Number 76


About this Author

The Barnes & Thornburg Healthcare Department regularly represents physicians, medical groups, managed care organizations, hospitals, nursing homes, and national healthcare-related associations located around the country. Given our healthcare practice, we understand the unique commercial and regulatory environment in which healthcare organizations operate. Our attorneys bring their problem-solving and consensus-building skills to listen carefully to the goals of their clients and recommend practical solutions.