If you think HIPAA compliance is old news, think again. The Department of Health and Human Services’ Office for Civil Rights (OCR) piloted its audit program between 2011 and 2012 and found some disturbing weaknesses. OCR announced in September that it’s launching its permanent audit program in 2014.
This time around, health care covered entities won’t be the only ones audited by OCR either. Business associates and their subcontractors who have been entrusted with protected health information (PHI) are also liable for compliance with the new HIPAA Omnibus Rule and, therefore, are subject to being audited.
In light of this news, health care organizations should evaluate their organization’s compliance with HIPAA by completing an annual risk assessment, updating their policies and procedures, and educating their work force, as well as revisiting their existing business associate agreements.
Download the article below to read more.
Length: 2 pages (PDF 52 kB)