New round of HIPAA compliance audits underway

New round of HIPAA compliance audits underway

"An entity that does not respond to OCR may still be selected for an audit or subject to a compliance review."

Doctors of optometry may be selected for a new round of compliance audits under the Health Insurance Portability and Accountability Act (HIPAA). According to the Office of Civil Rights (OCR), U.S. Department of Health and Human Services, Phase 2 of its HIPAA audits is underway.

AOA members should check their email inboxes—including their spam folders—for messages from the OCR seeking their contact information. After OCR receives responses to this initial email, it will send a "pre-audit questionnaire," asking respondents about their organization's size, type and operations. Based on the questionnaires' results, OCR will create a pool of potential candidates to be randomly selected for audits. This pool will represent a wide range of entities covered by HIPAA's Privacy, Security and Breach Notification Rules."

Ignoring the requests won't get you out of an audit. Responses are expected in a timely manner.

"If an entity does not respond to OCR's request to verify its contact information or pre-audit questionnaire, OCR will use publically available information about the entity to create its audit subject pool," the OCR wrote in a March 21 notice. "Therefore, an entity that does not respond to OCR may still be selected for an audit or subject to a compliance review."

To determine compliance, auditors will review an entities' policies and procedures for compliance with HIPAA rules. Information gathered from the audits will then be used to develop a permanent HIPAA audit program, which OCR is now piloting. Under Phase 1, OCR set up a pilot audit program to assess entities' controls and processes for compliance with the law. Protocols for any audits conducted this year will be posted to the OCR website.

The AOA recommends that members be prepared in case they are audited. Learn about member-exclusive resources from AOAExcel® to help in achieving HIPAA compliance at excelod.com.

March 28, 2016

comments powered by Disqus