Business Associate HIPAA Audits Coming Soon

Published on

On September 15, the OCR Director and Deputy Director for Health Information Privacy gave an update of the various HIPAA enforcement activities during a presentation at a HIPAA summit in Washington, D.C. Among the many topics covered, they announced that, starting in October, they will notify the 40 to 50 business associates selected for an OCR HIPAA compliance “desk” audit. Unlike the Covered Entities that received audit notification, business associates will not be getting any warning.

It is important that business associates be ready in case they’re notified of an audit. Business Associates should be ready to produce their policies and procedures for notifying their CEs when there has been a breach incident. And if they have had a breach incident, documentation on when and how they handled them should also be ready. Click here to read the entire article from the HealthCare Info Security.