Are You Ready for HIPAA and HITECH Audits?

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) is launching a pilot program this month to make sure covered entities are in compliance with HIPAA privacy and security rules and breach notification standards, according to the OCR. The OCR will perform up to 150 audits to assess HIPAA compliance.

The HITECH Act requires HHS to perform periodic audits to check for HIPAA compliance. The audits will be conducted from November 2011 through December 2012. Initially these audits will likely focus on hospitals and insurance companies, but HMEs could also be a target.

Though early audits are likely to be educational, in order to get a basic assessment of where providers stand in regards to HIPAA, that doesn’t mean there won’t be repercussions for violations. Because the privacy rule has been established since 2001 and the […]

By |2024-03-14T10:00:27-04:00June 1, 2018|Categories: Health Care Industry, HIPAA, Hitech Act, The Health Law Firm Blog|Tags: , , , , , , |Comments Off on Are You Ready for HIPAA and HITECH Audits?

Alleged HIPAA Privacy Violations at the Center of a Recent Physician Group Settlement with HHS

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

A small physician group has reached a settlement with the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) over alleged Health Insurance Portability and Accountability Act of 1996 (HIPAA) violations. The settlement was reached on April 17, 2012 and requires Phoenix Cardiac Surgery (PCS) to pay OCR $100,000 and enter into a one-year corrective action plan (CAP).

The Resolution Agreement and Corrective Action Plan can be viewed here.

HIPAA Complaint Against PCS Stemmed from Internet Calendar Postings

OCR’s investigation of PCS was launched in 2009 after a complaint was received. Click here to view a HIPAA complaint that you can file online. The complaint alleged that PSC had disclosed protected health information (PHI) on […]

OCR Releases Results From First Round of HIPAA Audits

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Office for Civil Rights’ (OCR) has release information on the initial round of mandated audits of Health Insurance Portability and Accountability Act (HIPAA) covered entities. The OCR announced official details concerning the audits at an OCR and National Institute of Standards and Technology (NIST) conference held June 6, 2012.

Initial HIPAA Audits Started November 2011.

As required by the HITECH Act, the OCR began auditing selected covered entities’ compliance with the privacy and security provisions of HIPAA and its implementing regulations in November 2011. The OCR selected 150 covered entities to be audited in the pilot phase by KPMG LLP (KPMG). KPMG is the audit contractor chosen by the OCR to perform HIPAA audits. The first 20 audits concluded in March 2012. […]

Preparing for HIPAA Audits

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Office of Civil Rights (OCR) has recently released the initial results for the first round of HIPAA audits, as well as the HIPAA audit protocol. Covered entities need to review both the audit results and audit protocol to assist in preparing for the possibility of a HIPAA audit.

Tips to Prepare for a HIPAA Audit.

Although the first round of audits has concluded, HIPAA audits will continue to be conducted through December 2012. Covered entities that avoided the first round of HIPAA audits can learn from the results released by OCR. The OCR is also expected to release an audit protocol which will further assist covered entities in learning how to prepare for a HIPAA audit. The following tips should assist covered entities […]

Cyber Attack at Community Health Systems Affects 4.5 Million Patients-Could This be a New Trend?

Patricia's Photos 013By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar  in Health Law

On August 18, 2014, Community Health Systems, a Tennessee-based hospital chain that has 206 hospitals in 29 states, announced that its computer system was hacked. According to a number of news reports, an outside group of hackers, originating in China, used highly sophisticated malware and technology to steal 4.5 million patients’ non-medical data. The hackers were able to obtain patients’ names, Social Security numbers, addresses, birth dates, and telephone numbers.

According to the Orlando Sentinel, in Florida, St. Cloud Surgical Associates, St. Cloud Medical Group, and Urology Associates of St. Cloud were among the practices where medical data was stolen. The article did not mention how many patients in Florida were affected. Click here to read the story from the Orlando […]

Go to Top