OCR HIPAA Desk Audits are Coming

As many of you in the Healthcare arena have heard me, and others, say the HIPAA audits are coming. We fully expect a day when audits are a regular course of business similar to the way it is handled in banking and finance where the state, FDIC, NCUA, etc come in on a regular (sometimes annual) basis and perform their audits. The handwriting is on the wall as OCR continues to publish guidance that is preparing healthcare entities and business associates for this future reality.

This has become more evident recently after OCR announced the upcoming expansion of HIPAA desk audits. We have recently heard of two healthcare organizations in Middle and East Tennessee receiving letters of notification for desk audits - it's coming! The best thing you as a covered entity or business associate can do is to do everything possible to get ready. Below is some guidance from the website HealthIT Security on being prepared for a Desk Audit:

http://healthitsecurity.com/features/what-entities-need-to-know-about-upcoming-ocr-hipaa-audits

For our customers we strongly recommend you have conversations with your leadership, your physicians and your vCIO on being prepared. It's important to understand the gaps that exist, and have an addressable plan that you are following. At a minimum OCR is going to want to see that you aren't sticking your head in the sand and hoping that it all goes away.

July 14th, 2016 |Categories: OCR, Healthcare, Security, Audit, HIPAA, ITSecurity, Compliance

Recent Posts