ENTtoday
  • Home
  • COVID-19
  • Practice Focus
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Departments
    • Issue Archive
    • TRIO Best Practices
      • Allergy
      • Facial Plastic/Reconstructive
      • Head and Neck
      • Laryngology
      • Otology/Neurotology
      • Pediatric
      • Rhinology
      • Sleep Medicine
    • Career Development
    • Case of the Month
    • Everyday Ethics
    • Health Policy
    • Legal Matters
    • Letter From the Editor
    • Medical Education
    • Online Exclusives
    • Practice Management
    • Resident Focus
    • Rx: Wellness
    • Special Reports
    • Tech Talk
    • Viewpoint
    • What’s Your O.R. Playlist?
  • Literature Reviews
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Events
    • Featured Events
    • TRIO Meetings
  • Contact Us
    • About Us
    • Editorial Board
    • Triological Society
    • Advertising Staff
    • Subscribe
  • Advertise
    • Place an Ad
    • Classifieds
    • Rate Card
  • Search

Preparing for Increased HIPAA Audits Among Smaller Providers

by Steven M. Harris, Esq. • May 9, 2016

  • Tweet
  • Email
Print-Friendly Version
Bakhtiar Zein/SHUTTERSTOCK.com

Bakhtiar Zein/SHUTTERSTOCK.com

Recent enforcement activities of the Department of Health and Human Services’ Office for Civil Rights (OCR) have shown an increase in fines and penalties assessed against smaller providers for failing to comply with the privacy, security, and breach notification requirements of the Health Insurance Portability and Accountability Act (HIPAA). Historically, OCR has focused on larger providers, such as hospitals and health systems, and breaches involving more than 500 individuals; however, OCR is now aggressively enforcing HIPAA compliance of smaller providers, including sole practitioners, and investigating smaller breaches affecting fewer than 500 individuals. As a result, 2016 is expected to be a critical year for HIPAA enforcement and a record year for fines and penalties for noncompliance.

You Might Also Like

No related posts.

Explore This Issue
May 2016

Reason for the Change

In fall 2015, the Office of Inspector General (OIG) issued a report regarding OCR’s HIPAA enforcement practices. The report found that OCR actively investigated all large breaches (affecting more than 500 individuals), but failed to document investigations of small breaches (affecting fewer than 500 individuals), suggesting that small breaches are often overlooked. This variance is largely due to limited federal resources and the fact that OCR simply does not have the time or manpower to investigate small breaches.

The OIG’s report also suggests that certain covered entities routinely violate HIPAA regulations and exhibit compliance issues that warrant increased fines and penalties. In response, OCR is increasing its enforcement activities by reviewing covered entities with previous breaches to reassess compliance and markedly increasing the fines assessed against repeat offenders. In addition, on March 21, 2016, OCR announced that phase 2 of its HIPAA audit program had begun, which is undoubtedly an effort to overcome any scrutiny cast on OCR by the OIG’s report.

Phase 2 HIPAA Audits

Although the second round of HIPAA audits has been expected for some time, OCR is now actively selecting covered entities and business associates for Phase 2 HIPAA audits. The goal of the audit program is to assess compliance with the HIPAA Privacy, Security, and Breach Notification Rules. OCR intends to use the data it obtains during the audit process to examine compliance mechanisms, determine best practices, and discover program risks and vulnerabilities.

Phase 1 took place in 2011 and 2012, and focused on the compliance of covered entities. Phase 2 will differ from phase 1 in that the audits will be expanded to include business associates. This phase will consist of three series of desk and onsite audits. The first series of audits will be desk audits of covered entities, and the second series will be desk audits of business associates. Desk audits are conducted off site and will examine specific compliance requirements of the Privacy, Security, and Breach Notification Rules by reviewing policies, procedures, and compliance plans of each entity selected for the audit. OCR expects the first and second series of desk audits to be completed by the end of 2016. The third series of audits will be on site and focus on a broader scope of HIPAA requirements than the desk audits. Selection for the first or second round of desk audits does not preclude selection for the onsite audits conducted during the third round, so some entities may be subject to both.

It is imperative that you evaluate your HIPAA compliance now & not wait until you are selected for an audit or are—even worse—a party to a breach.

Any covered entity or business associate can be audited, regardless of size or type of provider. Audit selection criteria include the size and type of the entity, affiliation with other healthcare organizations, whether the entity is public or private, and geographic factors. The only entities exempt from an audit are those with an open complaint investigation or those currently subjects of compliance review.

Advance Preparation Is Critical

Fines and penalties assessed by the OCR due to noncompliance with HIPAA requirements can put a small provider out of practice. For this reason, it is imperative that you evaluate your HIPAA compliance now and not wait until you are selected for an audit or are—even worse—a party to a breach.

Pages: 1 2 | Single Page

Filed Under: Departments, Legal Matters Tagged With: audit, HHS, HIPAA complianceIssue: May 2016

You Might Also Like:

The Triological SocietyENTtoday is a publication of The Triological Society.

The Laryngoscope
Ensure you have all the latest research at your fingertips; Subscribe to The Laryngoscope today!

Laryngoscope Investigative Otolaryngology
Open access journal in otolaryngology – head and neck surgery is currently accepting submissions.

Classifieds

View the classified ads »

TRIO Best Practices

View the TRIO Best Practices »

Top Articles for Residents

  • Do Training Programs Give Otolaryngology Residents the Necessary Tools to Do Productive Research?
  • Why More MDs, Medical Residents Are Choosing to Pursue Additional Academic Degrees
  • What Physicians Need to Know about Investing Before Hiring a Financial Advisor
  • Tips to Help You Regain Your Sense of Self
  • Should USMLE Step 1 Change from Numeric Score to Pass/Fail?
  • Popular this Week
  • Most Popular
  • Most Recent
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • Vertigo in the Elderly: What Does It Mean?
    • Complications for When Physicians Change a Maiden Name
    • Rating Laryngopharyngeal Reflux Severity: How Do Two Common Instruments Compare?
    • Is Middle Ear Pressure Affected by Continuous Positive Airway Pressure Use?
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • What Happens to Medical Students Who Don’t Match?
    • Rating Laryngopharyngeal Reflux Severity: How Do Two Common Instruments Compare?
    • Vertigo in the Elderly: What Does It Mean?
    • Neurogenic Cough Is Often a Diagnosis of Exclusion
    • Novel Bioabsorbable Plate Associated with Lower Leak Risk in Patients Receiving Endoscopic Skull Base Repair
    • New Findings Support Use of Cemiplimab as Neoadjuvant Therapy in Patients with Resectable Cutaneous Squamous Cell Carcinoma
    • Kinetic Oscillation Stimulation an Effective, Lasting Second-Line Treatment for Patients with Nonallergic Rhinitis
    • Otolaryngologists Vary Significantly in Choice of Injectable Materials for Vocal Fold Injection Augmentation
    • COVID-19 Infection May Be Associated with Unique Manifestation of Facial Nerve Paralysis/Palsy

Polls

Do you believe that having more otolaryngologists appear on mainstream media outlets is a good thing for the field?

View Results

Loading ... Loading ...
  • Polls Archive
  • Home
  • Contact Us
  • Advertise
  • Privacy Policy
  • Terms of Use
  • Cookie Preferences

Visit: The Triological Society • The Laryngoscope • Laryngoscope Investigative Otolaryngology

Wiley
© 2023 The Triological Society. All Rights Reserved.
ISSN 1559-4939