HIPAA Audit Update

The US Department of Health and Human Services (HHS) is currently implementing audits to meet requirements in the HITECH Act for performing periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed by the end of 2012.  Even smaller physician groups have wound up being audited, with net settlements for hundreds of thousands of dollars.  While in the past, audits had been performed only at entities that had a complaint filed against them, the new rule calls for audits whether or not there is a complaint.  This means, the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your office will need to be ready, or face fines of up to $50,000 per day for each regulatory provision violated.