HIPAA Audits to Resume Soon; Make Sure Your Practice is Compliant


If you haven’t conducted a privacy and security risk assessment recently, now’s the time to do so. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) plans to implement random Health Insurance Portability and Accountability Act (HIPAA) audits to monitor compliance, beginning as soon as later this summer.

Building on a HIPAA auditing program piloted in 2012, the agency expects to launch random HIPAA audits focused on ferretting out major threats to patient health information confidentiality and network security.

Failure to comply with HIPAA’s privacy, security and breach notification requirements likely will result in financial penalties that could be significant. Recent OCR data shows that 60 percent of security breaches come from theft and loss of technology containing protected health information. However, issues related to hospital and practice staff using their own mobile devices and unsecure Wi-Fi networks are on the rise.

Your practice should take these three steps to protect against a breach in security and the loss of patient information:

  • Educate your staff about the importance complying with HIPAA requirements
  • Ensure all electronic patient information is encrypted when in transit and at rest
  • Perform a privacy and security risk assessment for all health care information technology, not just your electronic health records

CPMA offers a number of free resources to help your practice comply with the HIPAA requirements, including a HIPAA privacy and security toolkit These resources and additional information are available on CPMA’s compliance webpage