Datica Blog

2015 HIPAA Audits Ramping Up

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

July 10, 2015   HIPAA Company

The HIPAA audit program is gearing up in 2015 to randomly assess healthcare covered entities and business associates for compliance with the HIPAA security, privacy, and breach notification rules set forth by the Office for Civil Rights.

Back in 2012, the HIPAA Compliance Audit program ran a year of trial audits. Now that the US Department of Health and Human Services (HHS) has had sufficient time to analyze the results, the 2015 HIPAA Audit Program has been revealed. This round of audits will most likely focus on the deficiencies identified in the 2012 trials. HHS has sent requests for information to nearly 1,200 covered entities and business associates to determine whether they are suitable candidates for an audit. Since the new HIPAA rules impose higher fines for willful neglect of compliance, with mandatory minimum fines of $10,000, being well informed and prepared for an unexpected audit is more important than ever. Federal and private officials have stated openly that enforcement is a top priority for HHS. So a message to non-compliant covered entities and business associates: expect little to no leniency for non-compliance now and for many years to come.

Key Takeaways from 2012 Audits

  • Smaller covered entities had many more issues. They accounted for 66% of deficiency findings.
  • A disproportionate share of these deficiencies involved healthcare providers, which made up 50% of the audited entities but accounted for 81% of the deficiency findings.
  • 65% of overall findings related to the Security Rule, but the OCR attributed this to the audit protocol focusing primarily on security rather than breach notification or privacy.

Top 2012 Security Issues to Note for 2015 Audits

  • User activity monitoring
  • Authentication/integrity
  • Media reuse and destruction
  • Contingency planning
  • Risk assessment
  • Granting and modifying user access

Top 2012 Privacy Issues to Note for 2015 Audits

Have any questions or concerns? All of us here at Catalyze are available anytime for your support. Reach out to us directly or tweet us @catalyzeio and be sure to keep following our blog for regular updates.
