HIPAA Compliance Audits Prioritized in 2017 Fiscal Budget

By Bob Grant, Chief Strategy Officer, Compliancy Group
Twitter: @compliancygroup

Earlier this year, the Obama administration submitted its budget proposal for fiscal-year 2017. The OCR Budget in Brief details the increased budget–$1.15 trillion of which is allotted for the Department of Health and Human Services (HHS). $43 million of these funds will go to the Office for Civil Rights (OCR), and $82 million will go to the Office of National Coordination for Health IT (ONC).

With the new budget, HHS will be able to pursue its initiatives more efficiently. OCR plans to increase its team of on-staff auditors in preparation for the next round of HIPAA compliance audits. ONC aims to facilitate electronic transfer of protected health information (PHI). In a push to ensure patient privacy and security, the proposed budget prioritizes HIPAA compliance audits, which are enforced by OCR. The increased funding would also allow both OCR and ONC to modernize their security efforts by implementing more advanced health care IT infrastructure.

Congress rejected proposed funding for permanent HIPAA compliance audits in the fiscal-year 2016 budget. Still, OCR officials announced the start of its Phase 2 HIPAA audit program this March, before this year’s budget proposal increases had even been approved. The program was a result of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, which affects over 4,600 facilities and more than 11 million patients per year.

Because OCR is responsible for policy development and regulatory enforcement, it is providing outreach to inform covered entities of their rights and protections, as well as their obligations. Incoming audits are expected not only to enforce HIPAA compliance, but also to offer practical assistance and remediation plans to improve the integrity and security of PHI. As stated in the budget brief, the audits are a “proactive approach to evaluating and ensuring HIPAA privacy and security compliance.”

Organizations and covered entities beholden to HIPAA–as well as their business associates–will be thoroughly and periodically reviewed to assess compliance with HIPAA Privacy, Security and Breach Notification Rules. Through this process, OCR resolves over 4,500 cases of discrimination annually, concerning issues such as race, nationality, sex, and disability. And in 2015, they addressed over 16,000 complaints of HIPAA violations. Health care organizations can review the protocol in anticipation of the expected audits.

About the Author: Bob Grant is the Chief Strategy Officer of the Compliancy Group. The Compliancy Group offers a suite of products and solutions to help you meet HIPAA Compliance. Attend one of their upcoming free educational webinars or schedule a demo of the company’s all-in-one compliance product, The Guard. This article was originally published on the Compliancy Group blog and is republished here with permission.