The Rheumatologist

Phase 2 of HIPAA Audit Program Launches

May 13, 2016 • By From the College

With many competing priorities facing physician practices, HIPAA compliance and security is not a topic that usually makes it to the top of the list. That is not the case for the Department of Health and Human Services’ Office for Civil Rights (OCR), which has initiated a new phase of audits of physician practices, health plans, clearinghouses and business associates to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules. Because most practices underestimate the importance of reviewing and updating their privacy and security guidelines, it is important to pay close attention to your covered entities and business associate agreements as they relate to patient information.

In 2014 through 2015 (Phase 1), the OCR began work on building its audit protocol to glean information on covered entities’ compliance with the HIPAA Privacy, Security and Breach Notification Rules. The Phase 1 assessments of healthcare providers, health plans and clearinghouses revealed weaknesses in the internal databases and compliance programs of many entities, particularly those of small group practices. Although most of the security rules seem to be geared toward covered entities, the guideline for privacy compliance also extends to business associates that provide services for physician practices and hospitals.

Differences Between Phase 1 & Phase 2

The OCR’s Phase 1 audits appear to have been disappointing: they revealed many findings or observations of noncompliance related to the Security Rule. As stated before, Phase 1 focused mainly on HIPAA standards; Phase 2 will focus on the key noncompliance areas identified in Phase 1 and take a more comprehensive approach to them. The aim is to avoid the potential for data breaches and security gaps that can expose patient information and have a financial impact on the healthcare industry.

In the Phase 2 audit program in 2016, audits will, for the first time, include business associates. Under the omnibus rule, a business associate is defined as any person or entity that creates, receives, maintains or transmits protected health information (PHI) on behalf of a covered entity. Currently, business associates provide services to covered entities that include billing, claims processing, consulting, management administration, accreditation and financial services. Additionally, with the increased utilization of health data analytics, most entities are outsourcing the handling, processing and analysis of this information to business associates, who are receiving more access to patient documents and files.

Off-Site vs. On-Site Audits

Every covered entity and business associate is eligible for an audit. The OCR will primarily conduct desk audits of selected organizations’ policies and procedures against selected standards and implementation specifications of the HIPAA regulations; these are projected to be completed by December 2016. The main focus will be on areas that pose a greater risk to the security of PHI. Keep in mind that the OCR indicates some on-site audits will also be conducted.

Filed Under: From the College, Practice Management
Tagged With: Compliance, Guidelines, HIPAA audit, Practice, Regulation, rheumatologist, Security
Issue: May 2016
