The End of HIPAA Audits?


by Yenny (SU)

Recently, Department of Health and Human Services’ Office for Civil Rights Director Roger Severino signaled an end to the latest wave of HIPAA audits – but “no slowdown in our enforcement efforts.”

What does this mean for your medical practice and its liability under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)?

According to Severino, the Office for Civil Rights (OCR) is examining its regulations to determine whether “undue burden” on the health care industry can be eased. Under the Trump administration’s executive order, two regulations need to be removed for every new regulation implemented. Acknowledging that “we are in a deregulatory environment,” Severino disclosed that the U.S. Department of Health and Human Services (HHS), along with the OCR, is reviewing its regulations to see whether benefits and outcomes outweigh costs.

As a result, the OCR has ended Phase 2 of the HIPAA audit program, in which HHS had randomly requested documentation and evidence from organizations required to be HIPAA compliant. These “desk audits” were conducted to assess the overall compliance of both covered entities and business associates, with plans to share the results gathered through the audit process and to issue guidance identifying compliance challenges and best practices. The final phase of this audit program will be the compilation of those findings to be made public.

However, Severino has warned that the OCR is “still looking for big, juicy egregious cases” for enforcement of HIPAA rules and procedures, adding that entities large and small are still in the OCR’s crosshairs. “We’d like to put ourselves out of business [as an enforcement agency],” Severino has said. “Unfortunately, [cases] are growing steeply up.”

In fact, since 2009, about 177 million medical records have been breached, resulting in 50 settlement agreements and three civil monetary penalty cases. The OCR collected nearly $25 million in HIPAA-related settlements in 2016 and another $19.4 million in 2017.

According to the OCR, 38 percent of reported cases of data breaches affecting 500 or more individuals were the result of theft, with about one in five of those breaches involving paper documents. Online hacking constituted 19 percent of reported security breaches, and that number is growing.

This is why due diligence in abiding by HIPAA rules and regulations remains a top priority for your practice – regardless of the desk audits being discontinued. The OCR is still focused on enforcement and on issuing heavy fines to medical practices large and small that have experienced a breach of protected health information because of a violation of HIPAA privacy rules.

To learn more about HIPAA compliance requirements and how they affect your practice, contact Colington Consulting at (800) 773-6379. We are experts in the field of HIPAA rules and procedures. Colington Consulting can help you avoid problems and steep fines by bringing your practice into complete HIPAA compliance. It is what we do best, allowing you to do what you do best … provide health care to your patients.