HealthBlawg

David Harlow's Health Care Law Blog

  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

HIPAA Audits: The Latest Oracular Prognostications

March 18, 2015

OMB cleared the HIPAA pre-audit survey late last week. (H/T LifeHealthPro.) That is one crucial prerequisite to OCR's initiation of the new round of HIPAA audits that have been the subject of all the Delphic prophecies we keep hearing (the survey is required to collect information about covered entities and their business associates, since this round of audits is supposed to include a look at business associates . . . and OCR won't know who's a business associate unless they ask covered entities).

OCR has apparently already identified "several hundred" covered entities (see "OCR supporting statement A") to which it would like to administer the questionnaire this time around (out of an estimated 3 million covered entities).

OCR wants to select "an appropriate mix of size and complexity of entities to be audited" from a pool of no more than 500 potential covered entity auditees. It also projects administering the questionnaire to no more than 200 potential business associate auditees in 2015. (In 2012, 115 covered entities were audited. Seems like more audits will be conducted this time around.)  Screening questionnaires will be administered at the outset of each future round of audits, which OCR helpfully notes will be conducted, per the HITECH Act, on a "periodic" basis.

Some day, the federales may even update the posted OCR audit protocol to reflect the Omnibus Final Rule and really, really enter into this next phase of auditing. Before that happens, all covered entities and business associates should make sure that HIPAA compliance policies, procedures and workforce training processes are fully implemented and documented. Can't say I didn't warn you.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting  

Photo: Kufoleto via Wikimedia Commons CC

Related Posts

  • David Harlow In the Press: Security, Ransomware and HIPAA Audits

    Inquiring minds want to know -- and your faithful HealthBlawger has been interviewed here and…

  • HIPAA goes dark in New York

    Well, Broadway is still dark this week, and it seems the judges of the New…

  • HIPAA confusion and solutions

    The current AIS Health Report on Patient Privacy tells us: National Review of HIPAA Compliance…

Filed Under: Health care policy, Health Law, HIPAA, OCR, Privacy, Security

« Lessons from the Anthem breach
Meaningful Use Stage 3: The Buzz About APIs »

Threads

Follow me on: Threads

Mastodon

Follow me on: Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2025
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]