Help with HIPAA Compliance
Helping you understand the complexities of compliance under the HIPAA Security and Privacy Rules. Our team of experts in regulatory compliance can answer any questions you may have.
Colington Consulting

HHS Office of Civil Rights Seeking Public Comment on HIPAA Audit Program

3/6/2014 1:57:23 PM

On February 24, 2014, the Office of the Secretary, Department of Health and Human Services (HHS), announced plans to submit a new Information Collection Request (ICR) to the Office of Management and Budget (OMB) for public comment on the HIPAA Audit Program. 

This information collection consists of a survey of up to 1200 HIPAA covered entities and business associates to determine suitability for the Office for Civil Rights (OCR) HIPAA Audit Program. The survey will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit.  Information collected includes, among other things, recent data about the number of patient visits, use of electronic information, revenue and business locations.

OCR is mandated to conduct periodic audits to assess the compliance of covered entities and business associates with the HIPAA Privacy, Security and Breach Notification Rules. This information collection will enable OCR to assess the suitability of respondent covered entities and business associates for audits.

In April 2013, OCR released its findings from the HIPAA compliance pilot audit that was contracted out to and conducted by KPMG. A couple of the security findings stand out:

  • No complete and accurate risk assessments were found in 66% of the entities.

  • Common across all entities was a lack of awareness of the requirements, including media movement and disposal, and audit controls and monitoring.

What does this mean for solo and small practices and business associates that do not have all the complex regulation requirements in place?   It is a warning shot to give your practice or business time to get its HIPAA compliance efforts in place.  There is no doubt OCR is looking for every way it can to expand enforcement efforts.  The pilot audit clearly identified the need for additional oversight. 

What can you do now?  Start by reviewing all the HIPAA Security basics found on the HHS website at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/security101.pdf.

Your practice or business HIPAA compliance priority list must include:

  1. An up-to-date HIPAA Risk Management Plan that includes all security policies and procedures;

  2. A recent HIPAA Risk Analysis;

  3. Staff Security Awareness Training (during onboarding and as a periodic refresher);

  4. The use of Business Associate Agreements.

For further assistance or guidance, please contact our HIPAA Security Compliance team at info@colingtonsecurity.com.
