Government Concludes Many Covered Entities Don’t Comply with HIPAA

Posted by BAS - 21 January, 2021

header-picture

The U.S. Department of Health and Human Services is required to periodically audit covered entities and business associates to determine if they comply with the requirements of HIPAA. In 2016 and 2017, HHS audited 166 covered entities and 41 business associates.

HHS concluded that most covered entities met the timelines required for providing notification of breaches to individuals who had their information compromised and most covered entities had a Notice of Privacy Practices that was distributed properly. However, it also concluded that most covered entities failed to meet other HIPAA requirements such as safeguarding PHI, ensuring individuals had a right to their own information, and providing the required information in a Notice of Privacy Practices. HHS also found that many covered entities and business associates did not implement proper risk analysis and risk management.

A copy of the Department’s findings may be accessed here.

Topics: MyEnroll360 Security, HR & Benefit Plans, HR & Benefits News, Technology News


Recent Posts

Question of the Week - Mid-Year Enrollment for Health Coverage

read more

OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

read more

Find your QELs in MyEnroll360

read more