OCR To Start Auditing Providers for HIPAA Compliance

November 28, 2011 – In The News
Medical Practice Compliance Alert

Michael Kline commented on the Office of Civil Rights' (OCR) November 8th announcement to audit providers for HIPAA compliance through December 2012.

While many details of the audits are still unclear, they have provided information regarding notification. Entities that are targeted for audit will receive a notice and a letter from KPMG requesting information. The type of information they will request is not yet known.

"OCR will look to see when those policies and procedures were enacted, so you could be under even more scrutiny [if you're unprepared]," said Kline.

Another stressing question is who will be audited? Kline says OCR may audit those with identified problem areas or entities OCR believes are at risk of noncompliance.

While only 150 entities will be audited, Kline warns it will be quite burdensome and those audited will likely undergo a very detailed audit, similar to tax audits conducted by the IRS in the 1990's, another "random" audit program, which some called "nightmares."

What is clear is that this uncharted territory for you and OCR, and is subject to change, said Kline.

"What should providers be doing? What is the standard [of best practices] of each type of covered entity? This is the daunting task for everyone," Kline said.