A new information collection request will be filed soon (two months from now or so), according to the HIPAA audit questionnaire burden estimate published Monday, February 24. (H/T Art Gross, HIPAA Secure Now.) The filing shows that OCR intends to administer 1200 questionnaires to a mix of covered entities and business associates. The questionnaires are estimated to take 30 minutes to complete.
Once those questionnaires hit the street, the full force of OCR will not be far behind. In light of the latest multimillion dollar HIPAA penalty — this one levied by the Puerto Rican government against an organization that might actually be around long enough to cough up the big bucks, as opposed to Cignet (and there's no telling what OCR might do in addition to that) — let's just say it behooves all covered entities and busienss associates out there that have not yet put their house in order from a HIPAA/HITECH compliance perspective to do so now.
Do not pass Go. Do not collect $200. Go directly to: HIPAA Compliance.