OIG tells OCR to establish its permanent audit plan. OIG officials called OCR’s oversight of the HIPAA Privacy Rule "primarily reactive." It investigates possible noncompliance primarily in response to complaints. Establishing a permanent audit program would help OCR "proactively assess possible noncompliance from covered entities."
So when should entities expect to see the permanent audit program rolled out? Mac McMillan, FHIMSS, CISSM, cofounder and CEO of Cynergis Tek, Inc., Austin, Texas, and Phyllis A. Patrick, MBA, FACHE, CHC, CISM, founder of Phyllis A. Patrick and Associates, LLC., Southport, North Carolina, each say they expect the full program to hit the streets in early 2016. However, Patrick says, "I will believe it when I see it."
Covered entities, she adds, should always be ready for an audit.
This article was originally published in Briefings on HIPAA. Subscribers can access the full article in the January 2016 issue.