You may see a HIPAA auditor in the next year as the federal Office of Civil Rights (OCR) pilots an auditing program to assess privacy and security compliance among health care providers and other entities covered by HIPAA.
From November 2011 to December 2012, OCR will perform up to 150 audits on covered entities of all types and sizes. These audits are primarily a compliance improvement activity. OCR plans to use the audit reports to determine what types of technical assistance are necessary and which corrective actions are most effective. It will also share best practices it finds through the audit process.
However, if the audit indicates a serious compliance issue, OCR may initiate a compliance review to address the problem.
The Pennsylvania Medical Society provides physicians, practice managers, and others impacted by HIPAA with a variety of tools and resources related to compliance.
The OCR audits are the result of a mandate in the American Recovery and Reinvestment Act of 2009 that calls for periodic audits to ensure covered entities and business associates are complying with HIPAA privacy and security rules and breach notification standards.