OCR Plans To Survey Health Plans, Other Covered Entities Hit With HIPAA Audits in 2012


The Department of Health & Human Services (HHS) Office of Civil Rights (OCR) wants to ask the 115 health plans, health care clearinghouses, and health care providers (covered entities) that OCR audited in 2012 for compliance with Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA)  under its HIPAA Audit Program to share feedback about their experience.  The planned survey announcement follows OCR’s recent released of restated HIPAA Privacy & Security Rules scheduled to take effect in September, 2013 and as OCR continues and expanding its HIPAA Audit Program in 2013.  All together, the signs are clear that covered entities should update and strengthen their HIPAA compliance and risk management practices to withstand the tightened rules and enforcement.

OCR initiated the HIPAA Audit Program in 2012 to comply with Section 13411 of the Health Information Technology for Economic and Clinical Health Act’s requirement that it audit covered entity and business associate compliance with the HIPAA privacy, security, and breach notification rules.  While it continues its HIPAA Audit Program in 2013, OCR also is evaluating the effectiveness of the HIPAA Audit Program audits in 2012. 

To this end, OCR currently is conducting a review of the HIPAA Audit program to determine its efficacy in assessing the HIPAA compliance efforts of covered entities.  As part of that review, OCR plans to ask covered entities audited under the HIPAA Audit Program in 2012 to complete an online survey about their experience.  In anticipation of its conduct of the proposed surveys, OCR is inviting public comment on the burden to Covered Entities to complete the planned online survey, which OCR estimates will take two hours to complete through May 20, 2013.  According to OCR, the survey will gather information on the effect of the audits on the audited entities and the entities’ opinions about the audit process. The online survey will be used to:

  • Measure the effect of the HIPAA Audit program on covered entities;
  • Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the audit report findings and recommendations;
  • Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests;
  • Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations; and
  • Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program.

OCR says it will use the information, opinions, and comments collected using the online survey to produce recommendations for improving the HIPAA Audit program.

For instructions to comment or more details, see here.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.

OCR initiated the HIPAA Audit Program in 2012 to comply with Section 13411 of the Health Information Technology for Economic and Clinical Health Act’s requirement that it audit covered entity and business associate compliance with the HIPAA privacy, security, and breach notification rules.  While it continues its HIPAA Audit Program in 2013, OCR also is evaluating the effectiveness of the HIPAA Audit Program audits in 2012. 

To this end, OCR currently is conducting a review of the HIPAA Audit program to determine its efficacy in assessing the HIPAA compliance efforts of covered entities.  As part of that review, OCR plans to ask covered entities audited under the HIPAA Audit Program in 2012 to complete an online survey about their experience.  In anticipation of its conduct of the proposed surveys, OCR is inviting public comment on the burden to Covered Entities to complete the planned online survey, which OCR estimates will take two hours to complete through May 20, 2013.  According to OCR, the survey will gather information on the effect of the audits on the audited entities and the entities’ opinions about the audit process. The online survey will be used to:

  • Measure the effect of the HIPAA Audit program on covered entities;
  • Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the auditreport findings and recommendations;
  • Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests;
  • Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations; and
  • Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program.

OCR says it will use the information, opinions, and comments collected using the online survey to produce recommendations for improving the HIPAA Audit program.

For instructions to comment or more details, see here.

For Help or More Information

If you need help reviewing and updating, administering or defending your group health insurance,  employee benefit, human resources, insurance, health care matters or related documents or practices to respond to emerging health plan regulations, monitoring or commenting on these rules, defending your health plan or its administration, or other health or employee benefit, human resources or risk management concerns, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters. 

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials on regulatory, investigatory or enforcement concerns. 

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here.

Other Helpful Resources & Other Information

If you found these updates of interest, you also be interested in one or more of the following other recent articles published in this electronic Solutions Law publications available for review here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile at here.

For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-Exclusive License To Republish Granted To Solutions Law Press, Inc.  All Other Rights Reserved.

One Response to OCR Plans To Survey Health Plans, Other Covered Entities Hit With HIPAA Audits in 2012

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 528 other followers

%d bloggers like this: