HIPAA Compliance Audits

Feb. 23, 2012
During HIMSS 12, Mac McMillan, chair of the HIMSS Privacy and Security Task Force (and CEO of Austin, Texas-based CynergisTek, Inc.), said that business associates will come under increasing scrutiny in HIPAA audits by the HHS Office of Civil Rights.
The focus of the audits is on learning and assessing compliance in general, he said. The OCR is not looking at audits as a punitive tool at this point in time, he said. Audits are supposed to help the OCR determine how the industry is doing, and where the gaps are regarding security of data, he said.
One group that will come under increasing attention is business associates, he said. “Smaller hospitals can have tens to hundreds of business associates, and larger hospitals can have thousands,” he said. The range of business associates is large and varied, McMillan says. While some business associates have access to only a limited amount of data, others have access to large amounts of data. 
OCR is still trying to get a handle on business associates, he said. The HIPAA Omnibus rule that is due out will provide more guidance on business associates, McMillan says.
By the end of 2012, the audits should provide the OCR with a substantial database of results from provider organizations of all sizes. This should give a good idea of whether compliance is working, or whether more enforcement is needed, McMillan said.
Where funding will come from after 2012 is an open question, McMillan says. If there is a need for more enforcement, one thought is that fines may support future activities. In that case, it is possible that after 2012 the audits could take on a more punitive role.
The healthcare industry should be concerned about security audits collectively, because it has a lot at stake in their results and will live with the outcomes.
