Surveys of Covered Entities and Business Associates Aimed at Building OCR HIPAA Audit Program

On May 12, 2014, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a Notice in the Federal Register indicating that “pre-audit” surveys will be sent to 1,200 randomly selected organizations in connection with the development its permanent HIPAA audit program. The organizations will include approximately 800 covered entities and 400 business associates. The goal of the survey is to gather information about the responding organizations in an effort to assist the OCR in assessing the size, complexity and fitness of the entity for an audit. The information requested will include data about the number of patient visits or insured lives, use of electronic information, revenue, and business locations. OCR estimated that covered entities and business associates may spend approximately 30-60 hours responding to the surveys. The surveys are intended to assist in the development of the permanent HIPAA audit program, which will be used to evaluate compliance with the HIPAA Privacy, Security, and Breach Notification Rules.

As discussed in our previous blog post, HHS-OCR first published the same Notice in the Federal Register on February 24, 2014 with a 60-day comment period. The agency has now put the notice back out with an additional 30 day period for comments. Comments from both periods will be submitted to the Office of Management and Budget (OMB) for review and approval.

Speak Your Mind

*