H&W: HIPAA Privacy and Security Audit Program

By Compliance Dashboard

on November 22, 2011

Share:

HIPAA Privacy and Security Audit Program: The Office of Civil Rights (“OCR”), which is the division of the Department of Health and Human Services (“HHS”) that is responsible for enforcement of the HIPAA Privacy and Security Rules and the Breach Notification standards, recently announced the “pilot phase” of a HIPAA audit initiative beginning immediately and extending through December of 2012.

According to the OCR’s website, over the next year this initiative will include a broad range of HIPAA covered entities, including group health plans, health care providers, and health care clearinghouses. Although HIPAA business associates are not the target of the initial pilot program, OCR indicates that business associates will be included in future audits.

The beginning of this OCR’s formal audit program serves to highlight the importance of periodic review of group health plan HIPAA compliance by plan sponsors. This HIPAA compliance review should include, at a minimum, the following steps:

Review of plan documentation to ensure that appropriate provisions addressing HIPAA obligations are included;
Implementation and periodic review of written HIPAA privacy policies and procedures;
Implementation and periodic review of required administrative, technical and physical safeguards related to electronic protected health information;
Implementation and documentation of a risk assessment and breach notification procedures;
Review of business associate agreements, as well as periodic audit of HIPAA compliance procedures adopted by business associates; and
Periodic workforce training regarding HIPAA’s privacy and security requirements for those workforce members with access to group health plan information.

Conducting this compliance review in the near future will ensure that your company’s group health plan is not caught off guard by a HIPAA audit, and avoid the potential imposition of noncompliance penalties by OCR.

More From the Blog

View all

From Chaos to Clarity: Your Open Enrollment Game Plan

Every year, open enrollment brings new rules, new deadlines, and new headaches—but this year, you can be ahead of the game. This isn’t another boring compliance lecture. We’re breaking down plan document mysteries and open enrollment chaos into actionable steps you can actually implement without needing a law degree.

A Timeline of the AHP Final Rule and Recent Litigation

On June 21, 2018, the Department of Labor (“DOL”) published an Association Health Plan Final Rule (“AHP Final Rule” or “Final Rule”) expanding the definition of “employer” under ERISA Section 3(5) for purposes of determining…

DOL Releases Second Guidance on Recent AHP Litigation

In response to the recent litigation surrounding association health plans (“AHPs”), the Department of Labor (“DOL”) released its second guidance on May 13, 2019, regarding the United States District Court for the District of Columbia’s…

Products

Products by Name

Solutions by Role

Solutions by Need

Solutions by Industry

About

Resources

Terms of Use Privacy Policy

2025 State of Workplace Empathy Report

Schedule a 20-minute demo