Date: 2024-02-14

The HHS is looking to bring back a HIPAA compliance audit program in a bid to enhance cybersecurity within the healthcare sector, Gov Info Security reported Feb. 13.

On Feb. 12, the HHS announced in the Federal Register that its Office for Civil Rights is set to initiate a study soon to evaluate the effectiveness of its HIPAA compliance audit program. The program was last utilized in 2017.

"The survey will gather information relating to the effect of the audits on the audited entities and the entities' opinions about the audit process," HHS' OCR said.

As part of this evaluation, OCR will administer a 39-question online survey to 207 covered entities and business associates who participated in the 2016 and 2017 HIPAA audits.

According to the agency, the online survey will play a crucial role in measuring the impact of the audits on subsequent actions taken by covered entities and business associates to comply with HIPAA rules.

In addition to assessing the overall impact, the survey will give entities an opportunity to provide feedback on various aspects of the audits. These include the helpfulness of HHS' guidance materials and communications, the utility of the online submission portal, the effectiveness of the audit in improving entity compliance, and responses to audit-report findings and recommendations.

The agency also expressed its intention to leverage the survey results to gain deeper insights into the "burden" placed on entities in collecting audit-related documents and responding to audit-related requests. Additionally, the assessment aims to understand the effect of the audits on the day-to-day operations of these organizations.

OCR was mandated to conduct HIPAA audits under the HITECH Act of 2009. Although the initiative faced initial delays, it gained momentum with the assistance of external contractors who developed various audit protocols. Despite the progress, the audits, including on-site and remote "desk audits," ceased in 2017 after OCR reviewed more than 200 covered entities and business associates between 2016 and 2017.