25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Pre-Audit HIPAA Compliance Survey Finalized by OCR

Posted By on Feb 25, 2014

The Office for Civil Rights has set the wheels in motion for its upcoming HIPAA compliance auditing program by filing an information collection request in the Federal Register, which post-Omnibus Rule now includes Business Associates as well as entities previously covered by HIPAA.

No schedule for the audits has been announced, nor was an announcement expected. The collection request is just the first step in the process and the audits are not expected to take place until the fall of this year. The request is to allow it to conduct a pre-screening survey which will permit it to contact up to 1,200 covered entities and Business Associates, in part to gain an understanding of each organization’s readiness for audit and also to “assess the size, complexity, and fitness of a respondent for an audit.”

The information the OCR plans to collect relates to recent activities in relation to HIPAA regulations laid down by the Omnibus Rule and Privacy Rule in particular. It will require information to be provided on the use of electronic patient health records which are to be the major focus of the upcoming audits. It will also be screened based on geographical location and business entity.

The information has been requested to ensure “proper performance of the agency’s functions”, to determine the “accuracy of the estimated burden”, “ways to enhance the quality, utility, and clarity of the information to be collected” and to permit the use of automated collection technologies.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The OCR’s Susan McAndrew revealed at December’s HIT Policy Committee meeting that risk assessments and analyses will be a major focus in the second round of compliance audits, in light of the issues it discovered during the pilot program. The majority of HIPAA violations it discovered during the first round were due to a failure to conduct a thorough risk assessment, with many organizations not having conducted one at all.

The OCR is accepting comments on its proposed prescreening survey until April 25.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist