New HIPAA Self-Assessment Tool Launched by Day Pitney Ahead of Compliance Audits

by | Dec 16, 2015

Day Pitney LLP has launched a new HIPAA Self-Assessment Tool just ahead of the second round of the Department of Health and Human Services’ Office for Civil Rights HIPAA-compliance audits.

The law firm, with approximately 300 attorneys in its Connecticut, New Jersey, New York, and Washington, D.C. offices, has developed the HIPAA Self-Assessment Tool to help covered entities with their final compliance efforts before the audits begin next quarter.

The HIPAA Self-Assessment Tool allows covered entities to assess their organization for potential HIPAA violations, giving them time to address any problems before they are found by auditors. Covered entities should already have conducted risk assessments to identify security vulnerabilities, although recent reviews carried out by the Office for Civil Rights have shown that risks are often allowed to persist. Failures to conduct complete risk assessments have been cited in the settlements reached with covered entities in 2015.

James Bowers, Day Pitney director of Compliance Risk Services and former chief compliance officer at Aetna Inc., recently highlighted that “Companies should really start self-audits as soon as possible to make sure they are in compliance with the HIPAA rules.”

The risk assessment must identify all security risks that exist at an organization, and efforts must be made to address those risks. So far this year, a number of covered entities have been found to have missed the risks associated with portable storage devices and laptop computers. Others did not update software, change default passwords on medical devices, conduct comprehensive staff training programs on data privacy and security issues, or put in place appropriate administrative, technical, and physical safeguards to keep ePHI secure.

The HIPAA Self-Assessment Tool allows compliance officers, privacy officers, medical records managers, CISOs, and CIOs to make final preparations before the audits. While there can be no guarantee that use of the HIPAA Self-Assessment Tool will mean that an audit is passed, organizations can benefit greatly from using it and can find gaps in their HIPAA-compliance programs. Even when considerable time, resources, and effort have been put into compliance, gaps may remain.

This phase of the HIPAA-compliance audit program has been delayed, although major progress has been made and OCR has revealed the next phase will start in early 2016. The audits will review compliance with the HIPAA Privacy, Security, and Breach Notification Rules. OCR will look at specific areas of compliance and will hope to see evidence of HIPAA in action. The HIPAA Self-Assessment Tool is simple to use.

Susan Huntington stated: “Once a client inputs its information, the Tool provides an automated assessment summary”. She added, “If there are areas of noncompliance, our team is ready to work with the client to address and correct such areas.”

The aim of the audits is not to punish organizations for failing to adhere to Health Insurance Portability and Accountability Act Rules, but rather to review whether covered entities have applied HIPAA Rules to safeguard ePHI and prevent data breaches.

While the initial round of compliance audits only saw Corrective Action Plans (CAPs) issued for non-compliance issues discovered by auditors, OCR is not likely to be as lenient this time around. The Security Rule has been in operation since April 21, 2005, and the Privacy Rule since April 14, 2003. Covered entities have therefore had plenty of time to bring policies and procedures up to the HIPAA standard.




Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
