The New Era of Compliance Audits
The new era of Office for Civil Right’s (OCR) HIPAA compliance audits, investigations of complaints and enforcement for non-compliance is here. OCR has begun the next round of random OCR audits by conducting desk audits of 167 covered entities this summer, while business associates are anticipated to begin receiving audit notifications before the year is over.
“Audits are really a critical compliance tool for us because they enable us to get out in front of potential industry problems before they result in a breach … and they enable us to better tailor our guidance and our technical assistance to ensure that we’re addressing the most common problems.”
– OCR Director Jocelyn Samuels
The new audit program will include a combination of desk and on-site audits. Most organizations selected for an audit will have a desk audit and will only have one chance to submit the proper documentation.
Additionally we have seen the results as Centers for Medicare & Medicaid Services (CMS) continues to audit organizations that attest to Meaningful Use. These audit findings have shown that most organizations do not retain the necessary supporting documentation of completion of core set objectives and measures. They also find that most adverse audits lack a current risk assessment even though it is also required by the HIPAA Security Rule.
To help organizations prepare for these audits, CynergisTek developed a series of audit solutions to help organizations verify and validate that its privacy and security programs meet compliance and business objectives. CynergisTek understands the regulatory and compliance environment and can help organizations enhance their risk management efforts through various types of audits. Our Compliance and Audit Services are delivered by our industry experts and provide an overall assessment of your organization’s audit readiness.