Recently the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) did a study and found that the Office of Civil Rights (OCR), which has responsibility for HIPAA compliance, is not doing enough to ensure covered entities (CEs), including healthcare providers and insurers, are effectively following HIPAA requirements. They found that most activities were reactive, not proactive. The OCR agreed with the report’s recommendations and that they need to do more oversight activities.
Look for more HIPAA compliance audits and enforcement activities in the coming months as funding for these activities is provided to the OCR.
Have you met all your compliance requirements? This includes: establishing your policies and procedures; implementing them within your practice; ensuring everyone has taken training; ensuring all your business associates have signed a BA Agreement and have security controls in place; and performing a risk assessment, just to name the major requirements.
Make plans in the near term to address all HIPAA compliance requirements.
NOTE: The Attorneys General offices of all 50 states are also ramping up to do their own HIPAA compliance audits and enforcement, in addition to the OCR’s activities.
See the full report at http://oig.hhs.gov/oei/reports/oei-09-10-00510.pdf