Day Pitney healthcare attorneys Jim Bowers and Eric Fader were quoted in the April 5 article "Preparing for a HIPAA compliance audit" in Compliance Week. The article reports on steps healthcare entities can take to prepare for the much-anticipated second round of HIPAA compliance audits now underway by the Department of Health and Human Services' Office for Civil Rights (OCR). The second-round audits have been discussed frequently on this blog.
Jim said that a report by the HHS Office of Inspector General that was critical of OCR's enforcement of the HIPAA Privacy Rule during the first round of audits, in 2011-12, prompted OCR "to be a bit more rigid during this phase than the last phase." He added that a substandard audit report, if released under the Freedom of Information Act, could find its way "into the hands of plaintiffs' counsel, thereby exposing organizations to private actions, as well as state attorney general actions."
Eric pointed out that a covered entity's or business associate's failure to follow certain core requirements of HIPAA would likely automatically be considered a "serious violation," potentially resulting in a full-blown enforcement action, and that an enterprise-wide risk assessment "would uncover the types of omissions and shortcomings that audits are likely to be looking for."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
