Risk Analysis, Management Among Major Problems Found in HIPAA Audits

Security risk analysis and risk management were among the most acute compliance problems found by the U.S. Department of Health and Human Services (HHS) in its recent desk audits of covered entities under the Health Insurance Portability and Accountability Act (HIPAA).

In 2016 and 2017, HHS’ Office for Civil Rights (OCR) conducted “desk audits” of 166 covered entities and 41 business associates. The audits focused on selected provisions of HIPAA’s privacy, security, and breach notification rules. After reviewing the documentation obtained from these organizations, OCR gave each a score of 1 to 5, with 1 indicating full compliance and 5 indicating no “serious attempt” to comply.

Of 63 covered entities and 41 business associates audited for risk analysis, only 16 in all scored better than a 3, OCR reported. For risk management, the numbers were even worse: 44 out of the 63 covered entities rated a 4 or 5, as did 28 of the 41 business associates.

HIPAA requires both covered entities and business associates—including group health plans and their service providers—to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to their electronic protected health information (e-PHI). This means identifying all of the e-PHI

Read from Benefits – HR Daily Advisor