General Timelines, Results and Effects of the HIPAA Audit

by, admin on February 21, 2012

With the HIPAA audit due to start shortly, the OCR would inform the selected covered entity in writing introducing the audit contractor, explain in detail about the first document that is needed, describe the process of the audit, the expectations of the compliance and request for information. The notification would also involve the stipulated time and the means to return the information of the audit to the auditor. The requested information should be described as per the prescription of the audit and returned within 10 working or business days. The covered entities and business associates selected for the audit by the OCR should provide all details in accordance with the protocols of the audit.

The covered entities will be informed 30 and 90 days prior to on-site visits with these visits evolving over 3 to 10 working or business days according to the size of the chosen organization and the time taken by the auditor with regard to the approachability of information and the concerned personnel. Once the necessary work is completed by the auditor, the organization or the covered entity would receive a draft of the final report. The covered entity and business associates are given 10 days to go through the report and send back a written report to the auditor who will in turn provide a final report of the audit written by the covered entity and submit the same to the OCR.

The OCR would review the reports sent by the auditor so they can ascertain the efforts made by the covered entity and business associates to comply with HIPAA Rules. If there are changes to be made, the OCR would then determine the right course of action with corrective measures, technical aid and other means of assistance. If there is a crucial issue, the OCR would find ways to address the problem involved. The privacy of all selected covered entities and business associates will be protected by the OCR. The benefits of the compliance with HIPAA protections of health information are many. If there are any breaches made by the covered entities and business associates in health information, the OCR will extend help with the necessary tools, improve the security and confidentiality of patients’ medical records and generate technical assistance to attain the best practices. Consumers have the right to complain to the OCR about security breaches and the covered entity is bound to accept these complaints regarding HIPAA Rules as well as apply the necessary changes.


Call 1-800-723-4308 for more information