Desk Audits. HIPAA Audits Are Underway!

July 26th, 2016HIPAA

BA Desk Audits Right Around the Corner

On July 11, 2016, HHS Office of Civil Rights (OCR) notified 167 Covered Entities (CE) of their selection, via a random sampling process, to participate in HIPAA desk audits. Desk audits will be limited in scope to a total of seven (7) Privacy, Security, and Breach Notification Rule requirements. To review these elements go to:
https://www.hhs.gov/sites/default/files/2016HIPAADeskAuditAuditeeGuidance.pdf

Some CEs may be chosen for further review via onsite audits. Comprehensive onsite audits of both CEs and BAs will begin in early 2017. They will evaluate auditees against a comprehensive set of HIPAA compliance controls.

MECHANICS
CEs (and, later, Business Associates (BAs)), will receive two (2) separate documentation requests from OCR – one asking for a listing of policies, procedures, and/or other related documentation, and one requesting a list of all the CE’s BAs. The request will specify the documentation elements to be provided.
Each auditee is expected to:

Provide only the policies andprocedures that are relevantto the controls requested;
Provide clear, complete, andresponsive documentation toOCR; and
Auditees will not receive“credit” for a laterdocumentation submission.

If a CE/BA does not have the requested documentation, it must submit an explanation for the deficiency in its response.

Following the desk audit, OCR will prepare and share draft findings and will share them with the CE/BA. The CE/BA may respond to the draft findings in writing and those responses will be included in the final audit report. Final audit reports will describe how the audit was conducted, present any findings, and contain entity responses to the draft findings.

Note that OCR has separate, broad authority to open a compliance review of any CE/BA where significant threats to the privacy and security of PHI are revealed through the audit.

BA DESK AUDITS RIGHT AROUND THE CORNER

BA desk audits will begin in the Fall. The selection pool will be comprised largely of BAs identified by the audited CEs in their document responses.

Comprehensive onsite audits of both CEs and BAs are expected to begin in early 2017.

Click here for frequently asked questions and answers.

Sullivan Stolier Schulze & Grubb LC has assisted healthcare providers for many years with compliance and other healthcare regulatory issues.

“Desk Audits. HIPAA Audits Are Underway!”

Michael R. Schulze

Share This Article

Looking for representation?

The lawyers at Sullivan Stolier Schulze have the ability to handle your legal needs with the highest degree of competence and care. The combination of experience, approach, competitive rates, and prompt service are the resources our Firm provides. If you have a need in healthcare –
THINK – THE HEALTH LAW CENTER.