Impending audits could lead to penalties for healthcare providers not complying with health information privacy laws, an official stated Wednesday.
Pilot audits that began in 2012 have been gathering information about providers’ compliance with the Health Insurance Portability and Accountability Act. Under the coming round of audits, noncompliant providers and business associates could face consequences, said Iliana L. Peters, senior adviser at the Department of Health and Human Services Office for Civil Rights. She made her comments at a joint conference with the National Institute of Standards and Technology, Bloomberg BNA reported.
These new audits will be done by internal OCR staffers rather than contractors, and likely will not involve onsite visits and investigations, Peters explained. Entities pre-selected for audits will be notified and asked to furnish lists of their business associates, from which the OCR then will select associates to audit as well.
The auditors will work rapidly and likely will not ask for additional documentation, Peters stated.
The enforcement audits were scheduled to begin this year, but the OCR has not yet announced a firm date. OCR spokeswoman Rachel Seeger emphasized to BNA that the audits “will happen” and that providers should double-check that they are following regulations.
Healthcare providers already have entered into costly settlements with the government over HIPAA breaches. In May, two New York City hospitals agreed to pay nearly $5 million to settle charges that a lack of “technical safeguards” exposed the protected information of about 6,800 patients.