The Office of Civil Rights (OCR) is about to launch the next round of HIPAA audits, designated as Phase 2. The initial phase of audits in 2011 and 2012 established that security compliance was woefully poor, and the expectation for this next round of audits is that compliance hasn’t improved significantly. Statistics recently published state that 90% of healthcare providers have experienced a breach within the past year! It gets worse. In 2014, 8 million healthcare records were improperly disclosed or stolen. During the first quarter of this year, more than 91 million healthcare records were breached, more than an 11-fold increase in just 3 months! If this level of theft were to continue through 2015, that would be a 4550 percent increase over 2014! More than enough records to cover the entire population of the United States!
This next round of audits is different, focusing on high-risk areas in order to uncover vulnerabilities rather than on the broad application of HIPAA regulations. The OCR plans to target Phase 1 audit findings of non-compliance, including risk analysis, risk management, breach notification protocols and practices, individual access to PHI, the Privacy Standards’ reasonable safeguards requirement, workforce training, device and media controls, and transmission security. A percentage will be on-site audits, and the audits will cover the spectrum of healthcare entities, including insurers, providers, clearinghouses and business associates. Poor audit findings and non-compliance can result in significant monetary fines.
Yes, I think it is safe to say the OCR is back, and they’re not happy.