No one likes to be audited, and that goes double for doctors who handle sensitive patient records every day. Federal privacy audits are increasing the work physicians have to do to stay in compliance, and penalties and fines could follow down the road.
A second round of Health Insurance Portability and Accountability Act audits is ongoing, and the Health and Human Services Office for Civil Rights has released preliminary results indicating some widespread compliance issues, including the lack of an organization-wide risk management plan.
The OCR hasn’t used the early results to develop a comprehensive compliance education program for providers, Robert Tennant, director of health information technology policy at the Englewood, Colo.-based Medical Group Management Association, told me. With cyberattacks and data breaches on the rise, the OCR should use the audits to educate providers on best practices, Tennant said, especially smaller physician groups that might lack resources.
While the current audits are supposed to be educational in nature, questions remain about whether the OCR will soon adopt an enforcement approach. “In the mid- to long term, however, the OCR will continue to move away from the education audit and toward the so-called enforcement model,” Colin Zick, a health-care attorney with Foley Hoag LLP in Boston, told me. Zick said the audits are a way for the OCR to get the attention of covered entities and stress the importance of compliance.
The OCR hasn’t shied away from enforcing HIPAA compliance outside of the audit process and has reached several multimillion-dollar settlements over the past year resolving alleged HIPAA violations. In one case, Memorial Healthcare System in Florida reached a $5.5 million settlement after an OCR investigation over the illegal access and disclosure of patient records.
Read my full story here.