Surveys to Help Feds Build HIPAA Audit Program
The HHS Office for Civil Rights, which is finalizing a HIPAA Audit program to assess compliance with privacy and security rules, expects in the near future to send pre-audit surveys to up to 1,200 randomly selected organizations.
The HHS Office for Civil Rights, which is finalizing a HIPAA Audit program to assess compliance with privacy and security rules, expects in the near future to send pre-audit surveys to up to 1,200 randomly selected organizations.
OCR is looking to send pre-audit surveys to about 800 covered entities and 400 business associates. Receipt of a pre-audit survey does not indicate an organization will be audited, a spokesperson emphasizes. The pre-audit surveys are part of the learning process of developing the audit program.
The survey will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit, according to a published notice available here. Information collected includes, among other things, recent data about the number of patients or insured lives, use of electronic information, revenue and business locations.
The agency first issued the same notice--called an information collection request--in late February with a 60-day comment period, reviewed industry feedback and now has put the notice back out for another month for additional comment. Following the comment period, OCR will submit the information collection request to the Office of Management and Budget for approval, and will send out the surveys if approved.
OCR expects the pre-audit survey to take about 30 minutes to complete. A firm data on rolling out the audits has still not been set.
OCR is looking to send pre-audit surveys to about 800 covered entities and 400 business associates. Receipt of a pre-audit survey does not indicate an organization will be audited, a spokesperson emphasizes. The pre-audit surveys are part of the learning process of developing the audit program.
The survey will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit, according to a published notice available here. Information collected includes, among other things, recent data about the number of patients or insured lives, use of electronic information, revenue and business locations.
The agency first issued the same notice--called an information collection request--in late February with a 60-day comment period, reviewed industry feedback and now has put the notice back out for another month for additional comment. Following the comment period, OCR will submit the information collection request to the Office of Management and Budget for approval, and will send out the surveys if approved.
OCR expects the pre-audit survey to take about 30 minutes to complete. A firm data on rolling out the audits has still not been set.