OCR Confirms HIPAA Re-Screening Surveys Dispatched

by Ryan Coyne | May 25, 2015

The Department of Health and Human Services’ Office for Civil Rights has confirmed – to Fierce Health IT – that its preliminary HIPAA surveys have now been issued, marking the start of the 2015 HIPAA compliance audits.

In a recent article in the National Law Review, McDermott Will & Emery revealed that phase 2 of the HIPAA compliance audits was no longer being delayed, after the firm had been advised by some of its clients that an OCR HIPAA audit screening survey had been received.

The aim of the screening surveys is to ensure that all contact and organization information is up to date. The OCR auditors can then pick the organizations most appropriate for audit. From the responses, it is predicted that the OCR select 350 covered entities and 50 Business Associates for an audit on the Security Rule, Privacy Rule, Breach Notification Rule or a combination audit comprising 2 or 3 audit modules.

The OCR is expected to audit healthcare suppliers, health plans and healthcare clearinghouses first, with Business Associate HIPAA audits to come.

It is not clear at this early stage whether the surveys have been issued to all 1,200 bodies that formed the initial sample or if Business Associates have been contacted yet. McDermott Will & Emery believes that the OCR is working with a pool of 550 and 800 CEs. If this is the case, any covered body receiving a survey may have a 50% chance or higher of being audited.

The OCR statement, broadcast via e-mail, confirmed that the pre-audit surveys had been sent, but no information was given as to when the second round of compliance audits will be taking place. According to the original schedule for the audits that were supposed to begin in the fall of 2014, the surveys were scheduled to be sent around this time of year indicating that the audits will only have been delayed a year and will be carried out this fall.

The statement revealed “Additional information about the audit program is forthcoming,” with covered entities instructed to “Check our website for updates.”

Once the notice is published on the OCR website, the audits are expected to start approximately 90 days later, giving covered entities three more months to make sure they are fully HIPAA-compliant before it is put to the test.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter