The Department of Health and Human Services (HHS) recently announced that it will conduct a “HIPAA Covered Entity and Business Associate Pre-Audit Survey.” The survey will cover 800 covered entities and 400 business associates to determine whether they are appropriate participants for the Office of Civil Rights (OCR) HIPAA Audit Program.
The audit will evaluate covered entities’ and business associates’ compliance with the HIPAA Privacy, Security and Breach Notification Rules.
In other words: more HIPAA audits are coming. If you are selected, you can expect to have HHS review the following:
- Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures.
- Security Rule requirements for administrative, physical, and technical safeguards.
- Breach Notification Rule requirements*
Now is the time to make sure you have addressed HIPAA Privacy, Security and Breach Notification Rules in your organization. Are you confident that you could competently respond to an OCR HIPAA audit? For help implementing HIPAA, see MPA’s HIPAA Guidance page.