HIPAA Audits Have Begun
The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires the Department of Health and Human Services (HHS) to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification Standards. The HHS Office for Civil Rights (OCR) is piloting a program to perform up to 150 audits of covered entities that will conclude by December 2012.
Every covered entity and business associate, including chiropractic offices and other health care providers, is eligible for a HIPAA audit. Entities that are selected for a HIPAA audit will be informed by OCR of their selection and asked to provide documentation of their privacy and security compliance efforts. OCR will notify a selected entity in writing of the audit. Every audit will include a site visit and result in an audit report. OCR will also give an entity 30 to 90 days’ notice prior to the anticipated visit. Auditors will interview key personnel and observe processes and operations to help determine HIPAA compliance. Following the site visit, the auditors will create an audit report. Prior to finalizing the report, the covered entity will have the opportunity to discuss concerns and describe corrective actions implemented to address concerns identified. The final report submitted to OCR will incorporate the steps the entity has taken to resolve any compliance issues identified by the audit.
The HIPAA audit program is designed to help OCR uncover reasons for health information breaches and help OCR create tools for covered entities to better protect individually identifiable health information. Certainly, it is reasonable to expect that a non-compliant entity could be subjected to monetary penalties. OCR will also continue to accept complaints from individuals. Covered entities such as chiropractic offices and other health care providers continue to have the obligation to comply with HIPAA.
The Martin Law Firm is a health law firm located in Blue Bell, Montgomery County, PA. The Martin Law Firm represents health care providers for matters involving health care compliance, Medicare audits and appeals, insurance post-payment reviews and general business matters. Contact The Martin Law Firm to speak to an experienced health care attorney today.