The Office of Civil Rights within HHS plans to move forward with its proactive HIPAA audits of business associates and covered entities, according to a report from The National Law Review.
Traditionally, OCR would audit covered entities when such entities submitted reports of breaches. Now, the OCR plans to conduct periodic audits to ensure continued compliance with HIPAA's security rule, as opposed to retroactive auditing.
According to the report, initial audits will consist of "desk audits" in which OCR will ask entities to submit security policies and procedures for review. Some in-person audits may occur.
More articles on HIPAA:
Vermont physician office burglarized, 2,000 records compromised
Why are healthcare data breaches so common?
Fitbit adds HIPAA compliance features to its Wellness division