The Department of Health and Human Services’ Office of Civil Rights is stepping up its enforcement efforts. Phase 2 of its HIPAA compliance audit program has begun, and most covered entities and business associates are potential candidates. Also, first quarter civil penalties for privacy and security violations have reached nearly $5.5 million. This article will provide insight on the audits to be conducted and lessons furnished by the settlements to help companies determine how best to evaluate and adjust their compliance programs.
The Department of Health and Human Services is stepping up its privacy enforcement efforts. HHS Office of Civil Rights announced in March the launch of Phase 2 of its program to audit the HIPAA compliance programs of both covered entities and business associates. Phase 1 of the program, launched in 2011 and 2012, was a pilot and involved only 115 covered entities. Although HHS’s Office for Civil Rights has released no statement regarding the details of the targets of the program, OCR’s deputy director of health information privacy, Deven McGraw, said in an interview in March that the
The full text of this article is available in the May 2016 Issue of Life Science Compliance Update