Dive Brief:
- According to a response, dated September 23, to the HHS Office of Inspector General included in an HHS OIG report, the HHS Office for Civil Rights “will launch Phase 2 of our [HIPAA] audit program in early 2016.”
- The letter, written by HHS OCR Director Jocelyn Samuels, states Phase 2 will “test the efficacy of the combinations of desk reviews of policies as well as on-site reviews” and will include HIPAA business associates.
- While Phase 2 is moving forward, Samuels notes the scope and structure of the audit program in the long term will depend on the resource availability and allocation for the program.
Dive Insight:
Fortunately for journalists, HHS OIG’s report titles pretty much spell out what the agency believes and/or found. The report, titled “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA Privacy Standards”, falls in line with said structure.
The watchdog found OCR did not have complete documentation of corrective actions taken by covered entities in 26% of closed privacy cases. In addition, in about 50% of such cases, OCR determined covered entities were noncompliant with at least one privacy standard.
Samuels notes audit activities over the “next several months” include updating audit protocols and implementing a screening tool to assess size, type and other information about potential audit subjects.