OCR To Solicit Feedback About HIPAA Compliance Audits

Posted on April 12, 2013 by Frank J. Rosello

The top federal healthcare privacy and security regulator wants to know what officials from more than 100 organizations that have undergone privacy and security audits thought of the process and what can be done to improve it.

The office will ask leaders from all audited organizations—which included health plans, healthcare claims clearinghouses and providers—to complete an online survey asking them to “measure the effect,” including its costs, on their operations, and “gauge their attitudes towards the audit overall,” according to a notice of an official “information collection” activity to be published in the Federal Register by the Office for Civil Rights at HHS.

Click here to view official OCR notice (PDF)

The civil rights office, the chief enforcer of the privacy and security rules under the Health Insurance Portability and Accountability Act, was given the added task of conducting random privacy and security rule compliance audits under the more stringent HIPAA rules revisions contained in health information technology provisions of the American Recovery and Reinvestment Act of 2009.

The office wrapped up its first round of 115 audits under the new law in December. There is no word yet when a final report on the results of those audits will be released, according to a civil rights office spokeswoman Wednesday, but in an earlier interview, OCR Director Leon Rodriguez said “a good number of them” indicated providers had not performed HIPAA-required security risk analyses.

The office estimates that responding to the survey will take about two hours for each of the organizations to complete.

 

• Recent News

  • Texas Launches Certification Program To Bolster HIPAA Compliance
  • Internet Explorer Vulnerability: Steps To Take
  • Five Misconceptions About Cloud Computing
  • ONC Chief’s Perspectives On Patient Privacy and Security
  • ONC Chief DeSalvo Charts New Course

• Press Release Archives

• EI Connections Newsletter Archive

  
  

  Sign up for the
  EI Connections Newsletter

  * Email

  
  

• Categories

  • ACA
  • ACO Rule
  • ACOs
  • Cloud Computing
  • CMS
  • CMS eRx Rules
  • CMS Final Rule
  • CMS Proposed Rule
  • e-Health
  • EHR Adoption
  • EHR Data Sharing
  • EHR Implementation
  • EHR Incentives
  • EHR Information Security
  • EHR Meaningful Use
  • Electronic Health Records
  • Electronic Medical Records
  • EMR
  • Environmental Intelligence
  • Health Information Exchange
  • Health IT
  • Health IT Best Practices
  • Health IT Data Security
  • Health It Interoperability
  • Health IT Policy
  • Health IT Services
  • Healthcare
  • Healthcare Information Security
  • Healthcare Leasing
  • HHS
  • HHS Final Rule
  • HHS Initiatives
  • HIE
  • HIPAA 5010
  • HIPAA Complicance
  • HIPAA Omnibus Rule
  • HIPAA Privacy and Security Rule
  • ICD-10
  • Meaningful Use
  • medical practice best practices
  • mHealth
  • ONC
  • Patient Privacy
  • Personal Health Record
  • PHI Data Security
  • Press Releases
  • Radiology Systems
  • Telehealth
  • Telemedicine

• Tag Cloud

  CMS CMS EHR Incentives CMS Policy EHR EHR Adoption EHR Best Practices EHR Cloud Hosting EHR Consulting EHR Hosting EHR Implementation EHR Incentives EHR Study EHR Technology Enhancements EI Connections Newsletter Electronic Health Records Electronic Medical Records EMR Environmental Intelligence Healthcare Health Information Exchange Health IT Health IT Best Practices Health IT Information Security Health IT Policy Health IT Services Health IT Standards Health IT Tips HHS HIE HIE Standards HIPAA Compliance HIPAA Privacy and Security Rules HIT ICD-10 Meaningful Use medical practice best practices OCR ONC Patient Experience PHI PHI Data Breaches PHI Data Security PHI Security Stage 2 Meaningful Use Rule Stage 3 Meaningful Use