BD
Uploaded byBrian Dickerson
104 views

Feds Launch Long-Awaited HIPAA Audits

The U.S. Department of Health and Human Services has launched a new round of audits to evaluate compliance with patient privacy rules under the Health Insurance Portability and Accountability Act (HIPAA). The audits will involve sending questionnaires to health care providers, insurers, and their business partners to gather information and create an audit pool. Selected organizations could face financial penalties or agreements to improve practices if audits find serious privacy issues. Over 200 audits are planned involving both remote and in-person reviews, with the goal of strengthening guidance on maintaining protected health information confidentiality.

Embed presentation

Download to read offline
Portfolio Media. Inc. | 860 Broadway, 6th Floor | New York, NY 10003 | www.law360.com Phone: +1 646 783 7100 | Fax: +1 646 783 7161 | customerservice@law360.com Feds Launch Long-Awaited HIPAA Audits By Jeff Overley Law360, New York (March 21, 2016, 3:38 PM ET) -- After years of anticipation, federal regulators on Monday launched a new round of audits to gauge compliance with patient privacy provisions of the Health Insurance Portability and Accountability Act. The launch is starting off innocuously with emails to so-called covered entities — health care providers, insurance plans and clearinghouses — and to business associates that handle patient information on behalf of those entities. The emails will simply ask to verify contact information, after which recipients will receive a “preaudit questionnaire” seeking details on their business size and operations. From there, the Office for Civil Rights at the U.S. Department of Health and Human Services will create a pool of audit targets. The pool will be created “in coming months” and will “represent a wide range of health care providers, health plans, health care clearinghouses and business associates,” the OCR said Monday. If an audit turns up a “serious compliance issue,” the OCR said, further investigation may occur, which could trigger financial penalties and a formal agreement to improve HIPAA compliance. More broadly, the agency said that it will use its findings to develop new guidance and policies aimed at strengthening adherence to HIPAA rules aimed at safeguarding the confidentiality of so-called protected health information. According to news reports last week, about 200 audits are planned. On Monday, the OCR said that a majority of the reviews will be remote “desk audits,” although some in-person audits will take place. All the desk audits will be finished by the end of 2016, according to the OCR. The OCR had performed pilot audits in 2012, but funding for further inquiries dried up. As a result, the agency has relied on tips and disclosures of breaches to police HIPAA compliance. That has given the agency plenty of material, but government watchdogs have still criticized the lack of proactive oversight. One of the key questions surrounding audits is how business associates will fare, given that they have been covered by HIPAA only since 2013. In an interview Monday, Ropes & Gray LLP partner Deborah Gersh predicted that the OCR may focus in particular on business associates that conduct large-scale data analysis for covered entities. On Monday the OCR promised to release its audit protocols — instructions on how audits are conducted — later this year, when the agency is closer to actually performing the audits. The protocols are being updated to reflect policies in a 2013 final rule that expanded HIPAA’s reach. Page 1 of 2Feds Launch Long-Awaited HIPAA Audits - Law360 3/21/2016http://www.law360.com/articles/774290/print?section=health
Companies selected for an audit will receive a detailed overview of the audit process and an outline of their obligations, according to the OCR. Generally, companies will have 10 business days to submit the requested information, and the OCR will then review the information and respond with its findings. Companies will then have a chance to respond to the findings before a final audit report is completed. --Editing by Edrienne Su. All Content © 2003-2016, Portfolio Media, Inc. Page 2 of 2Feds Launch Long-Awaited HIPAA Audits - Law360 3/21/2016http://www.law360.com/articles/774290/print?section=health

More Related Content

PDF
Failure to Execute a HIPAA Business Associate Agreement Results in $1.55 Mill...
byBrian Dickerson
 
PDF
Your privacy online: Health information at serious risk of abuse, researchers...
byimpartialnewsle68
 
PDF
HHS Issues HIPAA Omnibus Final Rule
byPatton Boggs LLP
 
PPT
Brian Balow HIPAA Final Rule
bymihinpr
 
PDF
BRG_TAP_IG_20150826_WEB
byMargaret (Peggy) Daley
 
PDF
HIPAA compliance tuneup 2016
byCompliancy Group
 
PDF
How to safeguard ePHIi in the cloud
byCompliancy Group
 
PPTX
HIPAA Security Risk Analysis for Business Associates
byRedspin, Inc.
 
Failure to Execute a HIPAA Business Associate Agreement Results in $1.55 Mill...
byBrian Dickerson
 
Your privacy online: Health information at serious risk of abuse, researchers...
byimpartialnewsle68
 
HHS Issues HIPAA Omnibus Final Rule
byPatton Boggs LLP
 
Brian Balow HIPAA Final Rule
bymihinpr
 
BRG_TAP_IG_20150826_WEB
byMargaret (Peggy) Daley
 
HIPAA compliance tuneup 2016
byCompliancy Group
 
How to safeguard ePHIi in the cloud
byCompliancy Group
 
HIPAA Security Risk Analysis for Business Associates
byRedspin, Inc.
 

What's hot

PDF
Test
byludicrousempath46
 
PDF
HIPAA compliance for Business Associates- The value of compliance, how to acq...
byCompliancy Group
 
PDF
Redspin PHI Breach Report 2012
byRedspin, Inc.
 
PDF
IT Trends - Cyber Security
byDatix Consulting
 
PPTX
Health Care Fraud Hurts!
byurlstevens
 
DOCX
Trouble with the terroriest
bybaqerz
 
PDF
The Most Wonderful Time of the Year for Health-IT...NOT
byCompliancy Group
 
PDF
Understanding gdpr compliance gdpr analytics tools
byRominaMariaBaltariu
 
PDF
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
byCorporater
 
PDF
CXFIRE Brochure
byConnexica
 
PPTX
An Overview of GDPR
byThe Pathway Group
 
PDF
California Consumer Protection Act - Insight from Sia Partners
byDaniel Connor
 
PDF
Paul Stephen - GDPR The Opportunity & Sitecore Tool
bySagittarius
 
PDF
California Consumer Protection Act - Insight from Sia Partners
byDaniel Connor
 
PPT
Pharma Presentation
byMark Stevens
 
PDF
The Basics of GDPR
byBhupesh Chaurasia
 
PPT
NBN All Access Demo - for Sellers of Parts
bynationalbidnetwork
 
PDF
"If we're leaving the EU, does GDPR even matter?" And other FAQs
byTech Data
 
PDF
Flash Friday: Data Quality & GDPR
byPrecisely
 
Test
byludicrousempath46
 
HIPAA compliance for Business Associates- The value of compliance, how to acq...
byCompliancy Group
 
Redspin PHI Breach Report 2012
byRedspin, Inc.
 
IT Trends - Cyber Security
byDatix Consulting
 
Health Care Fraud Hurts!
byurlstevens
 
Trouble with the terroriest
bybaqerz
 
The Most Wonderful Time of the Year for Health-IT...NOT
byCompliancy Group
 
Understanding gdpr compliance gdpr analytics tools
byRominaMariaBaltariu
 
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
byCorporater
 
CXFIRE Brochure
byConnexica
 
An Overview of GDPR
byThe Pathway Group
 
California Consumer Protection Act - Insight from Sia Partners
byDaniel Connor
 
Paul Stephen - GDPR The Opportunity & Sitecore Tool
bySagittarius
 
California Consumer Protection Act - Insight from Sia Partners
byDaniel Connor
 
Pharma Presentation
byMark Stevens
 
The Basics of GDPR
byBhupesh Chaurasia
 
NBN All Access Demo - for Sellers of Parts
bynationalbidnetwork
 
"If we're leaving the EU, does GDPR even matter?" And other FAQs
byTech Data
 
Flash Friday: Data Quality & GDPR
byPrecisely
 

Viewers also liked

PPSX
Gabo
byMiguel Pacheco
 
DOCX
Ya
byAlejitha Cahue Mamani
 
PDF
INSA_ IT-AAC MOU
byJohn Weiler
 
PDF
Cuestionario 1 b
bymarco bermeo
 
PPTX
Growth Hacking vs Traditional Marketing
byAndrew Allsop
 
PDF
The New Overtime Regulations
byBrian Dickerson
 
PPTX
Marco legal empresa audio y video comuna vi
by1ivanramos
 
DOCX
CV_Nikolenko_Alexandr
byAlexandr Nikolenko
 
PPTX
MODELO CONDUCTISTA POR DAYANA LÓPEZ
byDAYISLOPEZ
 
PPTX
Semiconductores
byJosé Escobar
 
PPTX
Sólidos Cristalinos
byJosé Escobar
 
PDF
gopaddle-meetup
bySujai Sivasamy
 
DOC
David resume2015
byDavid Gonzalez
 
PPTX
Leveraging resources for education sdg through local philanthropy -mooc proje...
by100759
 
PPTX
Social Media Metrics and Politics
byhsolonynka
 
PDF
Addressing the shortage of medical doctors in zambia
byNixon Mendez
 
PDF
Sibos INNOTRIBE Digital Ethics
byAurélie Pols
 
PPTX
EDUCACION SEXUAL EN LOS NIÑOS POR DAYIS LOPEZ
byDAYISLOPEZ
 
PDF
Clustering and Visualisation using R programming
byNixon Mendez
 
PPTX
Marco referencial
by1ivanramos
 
Gabo
byMiguel Pacheco
 
Ya
byAlejitha Cahue Mamani
 
INSA_ IT-AAC MOU
byJohn Weiler
 
Cuestionario 1 b
bymarco bermeo
 
Growth Hacking vs Traditional Marketing
byAndrew Allsop
 
The New Overtime Regulations
byBrian Dickerson
 
Marco legal empresa audio y video comuna vi
by1ivanramos
 
CV_Nikolenko_Alexandr
byAlexandr Nikolenko
 
MODELO CONDUCTISTA POR DAYANA LÓPEZ
byDAYISLOPEZ
 
Semiconductores
byJosé Escobar
 
Sólidos Cristalinos
byJosé Escobar
 
gopaddle-meetup
bySujai Sivasamy
 
David resume2015
byDavid Gonzalez
 
Leveraging resources for education sdg through local philanthropy -mooc proje...
by100759
 
Social Media Metrics and Politics
byhsolonynka
 
Addressing the shortage of medical doctors in zambia
byNixon Mendez
 
Sibos INNOTRIBE Digital Ethics
byAurélie Pols
 
EDUCACION SEXUAL EN LOS NIÑOS POR DAYIS LOPEZ
byDAYISLOPEZ
 
Clustering and Visualisation using R programming
byNixon Mendez
 
Marco referencial
by1ivanramos
 

Similar to Feds Launch Long-Awaited HIPAA Audits

PPTX
Preparing & Responding to an OCR HIPAA Audit
byPYA, P.C.
 
PDF
HIPAA 2016 Audits Phase 2: Covered Entities and Business Associates Take Notice
byBrian Dickerson
 
PDF
HIPAA 2016 Audits Phase 2: Covered Entities and Business Associates Take Notice
byNicole Waid
 
PDF
Get your Ducks in a Row - The OCR Audit Season is About to Begin
byID Experts
 
PDF
Compliance Overview - HIPAA Compliance Reviews - Audit Protocol
byntoscano50
 
PDF
Performing an ocr hipaa audit
bycomplianceonline123
 
PDF
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
byPolsinelli PC
 
PDF
OCR HIPAA Audits…Will You Be Prepared?
byID Experts
 
PDF
The HIPAA Audit: What to Expect and How to Prepare Your Practice
byShyamMishra72
 
PDF
What Covered Entities Need to Know about OCR HIPAA Audit​s
byIatric Systems
 
PDF
Why a Risk Assessment is NOT Enough for HIPAA Compliance
byCompliancy Group
 
PPTX
Cybersecurity in Health Care Sector: HIPAA Responsibilities from a Legal and ...
byTracie Thompson
 
PDF
Maninging Risk Exposure in Meaningful Use Stage 2
byCompliancy Group
 
PPTX
OCR Audits Are Coming – Is Your Organization Prepared?
byPolsinelli PC
 
DOCX
Security Audits of Electronic Health I.docx
bybagotjesusa
 
DOCX
Security Audits of Electronic Health I.docx
bykenjordan97598
 
PDF
How to prepare for OCR's upcoming phase 2 audits
byCompliancy Group
 
PPTX
HIPAA omnibus rule update
byO'Connor Davies CPAs
 
DOCX
Hipaa audits and enforcement
bysupportc2go
 
PPTX
Health Insurance Portability and Accountability Act (HIPAA) Compliance
byControlCase
 
Preparing & Responding to an OCR HIPAA Audit
byPYA, P.C.
 
HIPAA 2016 Audits Phase 2: Covered Entities and Business Associates Take Notice
byBrian Dickerson
 
HIPAA 2016 Audits Phase 2: Covered Entities and Business Associates Take Notice
byNicole Waid
 
Get your Ducks in a Row - The OCR Audit Season is About to Begin
byID Experts
 
Compliance Overview - HIPAA Compliance Reviews - Audit Protocol
byntoscano50
 
Performing an ocr hipaa audit
bycomplianceonline123
 
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
byPolsinelli PC
 
OCR HIPAA Audits…Will You Be Prepared?
byID Experts
 
The HIPAA Audit: What to Expect and How to Prepare Your Practice
byShyamMishra72
 
What Covered Entities Need to Know about OCR HIPAA Audit​s
byIatric Systems
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
byCompliancy Group
 
Cybersecurity in Health Care Sector: HIPAA Responsibilities from a Legal and ...
byTracie Thompson
 
Maninging Risk Exposure in Meaningful Use Stage 2
byCompliancy Group
 
OCR Audits Are Coming – Is Your Organization Prepared?
byPolsinelli PC
 
Security Audits of Electronic Health I.docx
bybagotjesusa
 
Security Audits of Electronic Health I.docx
bykenjordan97598
 
How to prepare for OCR's upcoming phase 2 audits
byCompliancy Group
 
HIPAA omnibus rule update
byO'Connor Davies CPAs
 
Hipaa audits and enforcement
bysupportc2go
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
byControlCase
 

Recently uploaded

PDF
Final NABH Checklist 6TH ED JULY 2025 - Dr J L Meena.pdf
byDr Jitu Lal Meena
 
PPTX
Chapter 9. burns management first aid.pptx
byHayatALAKOUM
 
PPTX
IRON DEFICIENCY ANEMIA and its importance .pptx
byNadiyaKhan11
 
PPTX
Apamarga.pptx - Achyranthus aspera pptx.
byBansariPatel112358
 
PPTX
Role of Ginger as a nutraceutical against (CINV).pptx
bysawairaaslam74822
 
PPTX
BANDAGING,purposes, types, principles.pptx
byLINU ZACHARIAH
 
PDF
How Google Reviews Build Patient Trust in Hospitals
byHMS Advisors Pvt Ltd
 
PPTX
Disaster Managment
byDr. Anuj Singh
 
PDF
Dr. David Wilson Utah - Dedicated To Patient Wellness
byDr. David Wilson Utah
 
PDF
Patient lifting robot concept presentation
byEevastiinaRindell
 
PPTX
GMP_Summary_Presentation_Dr_SSD_19-01-2026.pptx
byDR SHAKEEB SIRAJ DHORAJIWALA
 
PPTX
Ophthalmic lens power and form presentation
byMilan Gupta
 
PPTX
"Strategic Approaches to Enhancing Healthcare Management & Leadership Effecti...
byToobaAfzal3
 
PPTX
Bronchodilators in lung disease and treat
bysamsungfoodie
 
PPTX
Compassionate Hospice Care Services in Orange County, NY
bysn036847
 
PPTX
Spectral CT Imaging: Principle and Applications of Dual-Energy and Photon Cou...
byJoginder Singh
 
PPTX
Corneal Topography: Principles, Techniques, Patterns, and Clinical Applications
byMilan Gupta
 
PPTX
INTRODUCTION TO MOLECULAR DIAGNOSTIC IN LEVEL 100
bysolomonasare355
 
PPTX
Post Partum Hemorrhage Obs Gynae PPT.pptx
byNIMS Institute of Pharmacy, NIMS University Rajasthan, Jaipur
 
PPTX
The autoclave is also called a steam sterilizer that is commonly used in heal...
byJibina Babu
 
Final NABH Checklist 6TH ED JULY 2025 - Dr J L Meena.pdf
byDr Jitu Lal Meena
 
Chapter 9. burns management first aid.pptx
byHayatALAKOUM
 
IRON DEFICIENCY ANEMIA and its importance .pptx
byNadiyaKhan11
 
Apamarga.pptx - Achyranthus aspera pptx.
byBansariPatel112358
 
Role of Ginger as a nutraceutical against (CINV).pptx
bysawairaaslam74822
 
BANDAGING,purposes, types, principles.pptx
byLINU ZACHARIAH
 
How Google Reviews Build Patient Trust in Hospitals
byHMS Advisors Pvt Ltd
 
Disaster Managment
byDr. Anuj Singh
 
Dr. David Wilson Utah - Dedicated To Patient Wellness
byDr. David Wilson Utah
 
Patient lifting robot concept presentation
byEevastiinaRindell
 
GMP_Summary_Presentation_Dr_SSD_19-01-2026.pptx
byDR SHAKEEB SIRAJ DHORAJIWALA
 
Ophthalmic lens power and form presentation
byMilan Gupta
 
"Strategic Approaches to Enhancing Healthcare Management & Leadership Effecti...
byToobaAfzal3
 
Bronchodilators in lung disease and treat
bysamsungfoodie
 
Compassionate Hospice Care Services in Orange County, NY
bysn036847
 
Spectral CT Imaging: Principle and Applications of Dual-Energy and Photon Cou...
byJoginder Singh
 
Corneal Topography: Principles, Techniques, Patterns, and Clinical Applications
byMilan Gupta
 
INTRODUCTION TO MOLECULAR DIAGNOSTIC IN LEVEL 100
bysolomonasare355
 
Post Partum Hemorrhage Obs Gynae PPT.pptx
byNIMS Institute of Pharmacy, NIMS University Rajasthan, Jaipur
 
The autoclave is also called a steam sterilizer that is commonly used in heal...
byJibina Babu
 

Feds Launch Long-Awaited HIPAA Audits

  • 1.
    Portfolio Media. Inc.| 860 Broadway, 6th Floor | New York, NY 10003 | www.law360.com Phone: +1 646 783 7100 | Fax: +1 646 783 7161 | customerservice@law360.com Feds Launch Long-Awaited HIPAA Audits By Jeff Overley Law360, New York (March 21, 2016, 3:38 PM ET) -- After years of anticipation, federal regulators on Monday launched a new round of audits to gauge compliance with patient privacy provisions of the Health Insurance Portability and Accountability Act. The launch is starting off innocuously with emails to so-called covered entities — health care providers, insurance plans and clearinghouses — and to business associates that handle patient information on behalf of those entities. The emails will simply ask to verify contact information, after which recipients will receive a “preaudit questionnaire” seeking details on their business size and operations. From there, the Office for Civil Rights at the U.S. Department of Health and Human Services will create a pool of audit targets. The pool will be created “in coming months” and will “represent a wide range of health care providers, health plans, health care clearinghouses and business associates,” the OCR said Monday. If an audit turns up a “serious compliance issue,” the OCR said, further investigation may occur, which could trigger financial penalties and a formal agreement to improve HIPAA compliance. More broadly, the agency said that it will use its findings to develop new guidance and policies aimed at strengthening adherence to HIPAA rules aimed at safeguarding the confidentiality of so-called protected health information. According to news reports last week, about 200 audits are planned. On Monday, the OCR said that a majority of the reviews will be remote “desk audits,” although some in-person audits will take place. All the desk audits will be finished by the end of 2016, according to the OCR. The OCR had performed pilot audits in 2012, but funding for further inquiries dried up. As a result, the agency has relied on tips and disclosures of breaches to police HIPAA compliance. That has given the agency plenty of material, but government watchdogs have still criticized the lack of proactive oversight. One of the key questions surrounding audits is how business associates will fare, given that they have been covered by HIPAA only since 2013. In an interview Monday, Ropes & Gray LLP partner Deborah Gersh predicted that the OCR may focus in particular on business associates that conduct large-scale data analysis for covered entities. On Monday the OCR promised to release its audit protocols — instructions on how audits are conducted — later this year, when the agency is closer to actually performing the audits. The protocols are being updated to reflect policies in a 2013 final rule that expanded HIPAA’s reach. Page 1 of 2Feds Launch Long-Awaited HIPAA Audits - Law360 3/21/2016http://www.law360.com/articles/774290/print?section=health
  • 2.
    Companies selected foran audit will receive a detailed overview of the audit process and an outline of their obligations, according to the OCR. Generally, companies will have 10 business days to submit the requested information, and the OCR will then review the information and respond with its findings. Companies will then have a chance to respond to the findings before a final audit report is completed. --Editing by Edrienne Su. All Content © 2003-2016, Portfolio Media, Inc. Page 2 of 2Feds Launch Long-Awaited HIPAA Audits - Law360 3/21/2016http://www.law360.com/articles/774290/print?section=health