I have often said in my workshops that the HIPAA police force will one day be mobilized, and it looks like that day is getting closer. The Office of Civil Rights is the organization within the Federal Government that oversees HIPAA. They announced this week that they will be starting a pilot program for Privacy and Security Audits that will run from 11/1/11 through 12/31/12. A random number of covered entities will be contacted to participate; 150 audits in total are expected OCR plans on using the audits to assess HIPAA compliance over a wide range of covered entities.
If your practice is chosen, you will be notified in writing starting 11/1/11, and under the HIPAA Enforcement Rule, your full cooperation is expected.
Upon receipt of your written notice, you will have 10 business days to supply all requested documentation. Once the auditor receives your documentation, the auditor will make an onsite facility to observe and question key staff on your practices for HIPAA compliance. The estimate of time that the auditor will be onsite is 3 – 10 days, depending on the size of your practice. The auditor will then prepare a written draft final report for you to comment on and provide a Plan of Correction, if needed. You will have 10 business days to make your comments and Plan of Correction. After you submit your comments and, if needed your Plan of Correction, the auditor will create the final audit report and submit the Final report within 30 days to OCR. OCR can launch a full compliance review should the audit indicate a serious compliance issue.
If you have not addressed HIPAA in your practice, now is the time – In the words of JFK, the best time to put on a new roof is when the sun is shining. Contact Iris if you have questions about how to bring your practice up to speed!