Federal Regulators Launch New Round of HIPAA Audits

Thursday, March 31, 2016
By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On March 21, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) launched a new round of audits to help ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), especially its Privacy Rule and Security Rule.  The new HIPAA Audit Program will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.

2016 HIPAA Audit Program.

The new launch of audits starts with a round of emails to so-called covered entities – health care providers, insurance plans and clearinghouses – and to business associates that handle patient information on behalf of those entities. The emails verify contact information so that the “preaudit questionnaire” can be sent. The preaudit questionnaire seeks details on their business size and operations.

For the next step in the process, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) will create a pool of targets for the audit. The pool will be created “in coming months” and will “represent a wide range of health care providers, health plans, health care clearinghouses and business associates,” the OCR stated.

Serious Compliance Issues.

The agency said that it will use its findings to develop new guidance and policies aimed at strengthening adherence to HIPAA rules that safeguard the confidentiality of so -called protected health information. If an audit turns of a “serious compliance issue,” the OCR said, further investigations may occur, which could trigger financial penalties and a formal agreement to improve HIPAA compliance.

Companies selected for an audit will receive a detailed overview of the audit process and an outline of their obligations. Companies will have 10 business days to submit the requested information, and the OCR will then review the information and respond with its findings.

For more information on the 2016 HIPAA audit process, click here.

To read one of my previous blogs on HIPAA audits, click here.

If You Receive a Notice That You Are Going to Receive a HIPAA Audit, Consult an Experienced Health Lawyer That Knows HIPAA and Who Can Help You Prepare For It.

The Health Law Firm represents physicians, medical practices, hospitals, and other health providers in audits, including Medicare audits, Medicaid audits, and HIPAA audits. The Health Law Firm also assists health providers in establishing compliance with HIPAA regulations. If you have received notification of an impending audit, contact The Health Law Firm immediately. To learn more about how The Health Law Firm can assist, click here.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.


Overley, Jeff. “Feds launch long-awaited HIPAA audits.” Law360. (March 21, 2016). Web.

Bowers, James. “Brace for HIPAA audits as they arrive early in 2016.” Law360. (January 14, 2016). Web.

About the Author:  George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.

KeyWords: Office of Civil Rights, OCR, Health Insurance Portability and Accountability Act, HIPAA, HIPAA audits, HIPAA audit protocol, OCR audits, HIPAA compliance, patient privacy provisions, preaudit questionnaire, U.S. Department of Health and Human Services (HHS), medical records, medical practice audit, records request, defense attorneys, legal representation for health care providers, health care audit attorneys, health care audit defense lawyer, health law, The Health Law Firm

"The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 2016 The Health Law Firm. All rights reserved.

Like this blog? Add your public comments:

Items in bold indicate required information.