OCR To Solicit Feedback About HIPAA Compliance Audits
April 12, 2013
The top federal healthcare privacy and security regulator wants to know what officials from more than 100 organizations that have undergone privacy and security audits thought of the process and what can be done to improve it.
The office will ask leaders from all audited organizations—which included health plans, healthcare claims clearinghouses and providers—to complete an online survey asking them to “measure the effect,” including its costs, on their operations, and “gauge their attitudes towards the audit overall,” according to a notice of an official “information collection” activity to be published in the Federal Register by the Office for Civil Rights at HHS.
Click here to view official OCR notice (PDF)
The civil rights office, the chief enforcer of the privacy and security rules under the Health Insurance Portability and Accountability Act, was given the added task of conducting random privacy and security rule compliance audits under the more stringent HIPAA rules revisions contained in health information technology provisions of the American Recovery and Reinvestment Act of 2009.
The office wrapped up its first round of 115 audits under the new law in December. There is no word yet when a final report on the results of those audits will be released, according to a civil rights office spokeswoman Wednesday, but in an earlier interview, OCR Director Leon Rodriguez said “a good number of them” indicated providers had not performed HIPAA-required security risk analyses.
The office estimates that responding to the survey will take about two hours for each of the organizations to complete.