September 24, 2021

Volume XI, Number 267


Office for Civil Rights Plans to Move Ahead with HIPAA Audits, Reports Say

Recent news reports indicate that the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) plans to move ahead with proactive HIPAA audits of business associates and covered entities.

In the past, OCR has relied primarily on self-reports of breaches from covered entities (as required by the Breach Notification Rule) as a basis for enforcement actions. However, Section 13411 of the HITECH Act directs OCR to conduct periodic audits to ensure that covered entities and business associates are in compliance with the Security Rule. The Security Rule requires covered entities and business associates to protect the integrity and confidentiality of electronic protected health information by implementing physical, administrative, and technical safeguards.

HHS launched a pilot audit program in 2011. However, the OIG has criticized OCR for not implementing this requirement in a timely fashion by moving forward with more widespread audits.

According to news reports, HHS has chosen a vendor for the next phase of the audit program and is verifying contact information for business associates and covered entities to be included under the program. OCR noted that the first audits will mostly consist of desk audits, under which it will ask entities to send in policies and procedures for review, though there may be some in-person audits as well.

Now that audits of internal security policies and procedures are appearing ever more likely and imminent, covered entities and business associates may want to take this opportunity to ensure that these policies are up to date and accord with the Security Rule.

© 2021 Covington & Burling LLP
National Law Review, Volume V, Number 261

About this Author

Dena Feldman, healthcare attorney, Covington
Associate

Dena Feldman helps clients from across the health care industry navigate a range of complex regulatory and policy issues.

Ms. Feldman has particular expertise on health privacy issues arising under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Clinical and Economic Health (“HITECH”) Act, and state medical privacy laws. Ms. Feldman also regularly counsels clients on the federal rules and policies governing Medicare and Medicaid, including the new mandates of the Affordable Care Act.

202-662-5192