HHS to survey 1,200 — Audits might follow
The Department of Health and Human Services’ (HHS’) Office for Civil Rights (OCR) announced that it will survey up to 1,200 covered entities and business associates to find those in need of a full HIPAA compliance audit.
The survey will collect information such as the "number of patient visits or insured lives, use of electronic information, revenue, and business locations." The Health Information Technology for Economic and Clinical Health (HITECH) Act requires OCR to conduct periodic audits to ensure that covered entities and business associates are complying with the HITECH Act and its implementing regulations.
An audit of 115 covered entities in 2012 found that compliance issues with the HIPAA Security Rule. About two-thirds of audited entities did not have a complete and accurate risk assessment, and many entities were unaware of specific HIPAA Privacy Rule requirements, such as the obligation to provide a notice of privacy practices to individuals.