While the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA) may have taken a back seat to changes required under health care reform, audits for HIPAA compliance are on the rise. The Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Center for Medicare and Medicaid Services (CMS) to audit group health plans for compliance with HIPAA.
Carrying out the mandate under HITECH, CMS has announced that it will examine up to 150 covered entities, including health plans and health care providers, by December 31, 2012. The audits are intended to gather information about HIPAA issues and correction processes. However, CMS has reserved the right to pursue additional enforcement procedures if it uncovers serious HIPAA violations during an audit. Employers may wish to review their HIPAA privacy and security policies to make sure they have appropriate procedures in place for addressing HIPAA privacy and security concerns. A HIPAA compliance review should confirm that the employer and its group health plan are complying with their documented processes to place the employer and plan in the best possible position for a potential audit.
