Our 65-page HIPAA Compliance Guide for Privacy, Security and Compliance Officers provides useful advice on the main elements of the Health Insurance Portability and Accountability Act, including tips and best practice advice for Covered Entities (CEs) and their Business Associates (BAs). The guide can be downloaded here.
HIPAA Compliance Will Be Put to the Test
Three years have passed since the Department of Health and Human Services’ Office for Civil Rights completed its pilot round of HIPAA compliance audits, and organizations covered by HIPAA do not have long before the audits will start again.
The pilot phase did not result in any financial penalties being issued – only action plans – although the audits revealed HIPAA compliance was in a sorry state. The same is not expected to be true for the next round. CEs have had plenty of time to get procedures and policies updated, and if violations are discovered this time around, fines are likely to follow.
The next round of audits will specifically test the areas of HIPAA Rules that were causing so many problems for CEs three years ago, and the protocol is now being finalized. The OCR has not been drawn on when the audits will take place, but the autumn of this year is looking increasingly likely.
A notice will be posted on the OCR website to advise covered entities of the upcoming audits, with the second round expected to commence within 90 days of the issuing of the notice.
Preparing for the HIPAA Compliance Audits
The OCR will first send out pre-screening questionnaires to up to 1200 CEs and BAs requesting information on the organization’s size, correct contact details and other general information to allow the OCR auditors to select the most appropriate organizations for audits. The pre-screening surveys were expected to be sent last summer, ahead of the autumn audits, and if the second phase is to start this year, the surveys can be expected in the next few weeks.
Even if a covered entity is not selected for audit as part of the second phase, it does not mean that an audit will not be conducted. The OCR is investigating breach reports submitted through its breach reporting portal and compliance reviews could be triggered if there is a hint of a HIPAA violation behind a security breach.
Since the OCR will only provide 3 months' notice of an impending audit, it is essential that all CEs and BAs take action now to ensure full compliance with HIPAA Rules. With this in mind, we have produced the HIPAA Journal HIPAA Compliance Guide.
The HIPAA Journal – HIPAA Compliance Guide
The compliance guide contains 9 chapters and 65 pages and provides a background to the Health Insurance Portability and Accountability Act, the major elements of the legislation, how HIPAA is enforced, and best practices and compliance tools that can be leveraged to achieve full compliance. We hope it serves as a handy reference on HIPAA rules and regulations.
- The Background and Objectives of HIPAA
- The HIPAA Privacy Rule
- What is the Privacy Rule? What is PHI? What circumstances does the Privacy Rule cover?
- The HIPAA Security Rule
- The HIPAA Notification Rule – What to do in the Event of a Breach
- The HIPAA Enforcement Rule – How is HIPAA-Compliance Enforced?
- Secure Communications and HIPAA Compliance
- The Benefits of HIPAA Compliance Tools