Senior Communications Manager
Kirk Nahra Weighs In on Second Phase of HIPAA Audits
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by Bloomberg BNA in a March 23 Health Care Blog article about the second phase of Health Insurance Portability and Accountability Act (HIPAA) audits, which will encompass both covered entities and business associates.
According to the article, Jocelyn Samuels, director of the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), announced at a recent HIPAA summit in Washington that OCR will conduct 200 desk and on-site audits. The desk audits, which are expected to be completed by December, will focus on specific requirements of the HIPAA privacy, security, or breach notification rules, while the on-site audits will take a broader look at HIPAA compliance.
Mr. Nahra, who also spoke at the conference, said covered entities are likely to do well on the HIPAA Privacy Rule audits, but probably will not perform as well on the HIPAA Security Rule audits.
Mr. Nahra said business associates may perform badly on their audits since there hasn’t been much enforcement for this segment of the market. “I think it’s fair to say many business associates may not be in reasonable compliance with the HIPAA Security Rule,” he concluded.
To read the full article, please click here.