Employee Health Plans - HHS Begins Nationwide HIPAA Audit Programs
The Office for Civil Rights of the Department of Health and Human Services has begun its previously-announced nationwide HIPAA audit programs of employers and their HIPAA Business Associates. The audits, which will be both by mail and on-site, reportedly will focus on:
-The Notice of Privacy Practices required to be distributed by employers;
-Issues concerning plan participants' right to access their Protected Health Information;
-Risk management and risk analysis under the HIPAA security rules; and
-Procedures for dealing with HIPAA privacy breaches.
Naturally, now would be a good time for employers that maintain employee health plans, and their health plan service providers, to perform internal HIPAA privacy and security self-diagnostics to ensure that they are in full compliance with the various HIPAA rules before an OCR auditor shows-up.