On February 12, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”), published a notice requesting comment on an upcoming information request.  Specifically, OCR invites comments regarding its burden estimate for a “HIPAA Audit Review Survey.”  The Survey consists of “39 online survey questions” and will be sent to “207 covered entities and business associates that participated in the 2016-2017 OCR HIPAA Audits.”  The Survey aims to help OCR determine the 2016-2017 HIPAA Audits efficacy in assessing HIPAA compliance efforts of covered entities.  Specifically, the Survey will:

  • Measure the effect of the 2016-2017 HIPAA Audits on covered entities’ and business associates’ subsequent actions to comply with the HIPAA;
  • Give entities an opportunity to provide feedback on the Audit, including whether the Audit helped improve HIPAA compliance;
  • Provide OCR with information on the burden imposed on entities to collect audit-related documents and to respond to audit-related questions; and
  • Seek feedback on the effect of the HIPAA Audit program on entities day-to-day business operations.

The information collected in response to the Survey will “be used to improve future OCR HIPAA audits.”  Comments on the HIPAA Audit Review Survey must be received by April 12, 2024.  This information request may be an indication that OCR is planning to reinvigorate its program to conduct periodic audits of covered entities and business associates to assess their level of HIPAA compliance.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Anna D. Kraus Anna D. Kraus

Anna Durand Kraus has a multi-disciplinary practice advising clients on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (HHS) gives her broad experience…

Anna Durand Kraus has a multi-disciplinary practice advising clients on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (HHS) gives her broad experience with, and valuable insight into, the programs and issues within the purview of HHS, including Medicare, Medicaid, fraud and abuse, and health information privacy. Ms. Kraus regularly advises clients on Medicare reimbursement matters, the Medicaid Drug Rebate program, health information privacy issues (including under HIPAA and the HITECH Act), and the challenges and opportunities presented by the Affordable Care Act.

Photo of Jorge Ortiz Jorge Ortiz

Jorge Ortiz is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and the Technology and Communications Regulation Practice Groups.

Jorge advises clients on a broad range of privacy and cybersecurity issues, including topics related…

Jorge Ortiz is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and the Technology and Communications Regulation Practice Groups.

Jorge advises clients on a broad range of privacy and cybersecurity issues, including topics related to privacy policies and compliance obligations under U.S. state privacy regulations like the California Consumer Privacy Act.