OCR HIPAA Audits

OCR HIPAA Audit Response Plan

The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, require HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards.  To implement this mandate, OCR is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance.  Audits conducted during the pilot phase will begin November 2011 and conclude by December 2012. 

Department of Health and Human Services / Office of Civil Rights Audit Process

The Department of Health and Human Services (HHS) /Office of Civil Rights (OCR) has been charged with conducting approximately 150 audits of covered entities and business associates as part of the HIPAA/HITECH enforcement efforts.  

HHS/OCR has contracted with a consulting company (KPMG) who will be performing the audits.  Although detailed information on what they will audit has not been officially released, other than HIPAA compliance, there is some information available. The available information has been summarized in the following link:

OCR HIPAA Audit Response Plan

How Loricca Can Help

Loricca understands your confusion and can help your organization become HIPAA and HITECH compliant as well as help you chose and implement the correct ERH software to fit your organizations unique needs. Our turn-key consulting services are tailored to your organizations needs and are delivered with minimal interruption to your operations and staff.

• Compliance Audits & Assessments
• EHR Recommendations
• Management & Staff Training
• Business Associate Agreements
• Strategic Planning & Recommendations
• Disaster Recovery & Business Continuity
• Policy & Procedure Development & Documentation
• Information Security Analysis and Solutions
• Remote Security Monitoring
• Loricca Shield Services

Loricca Healthcare Solutions Group knows the healthcare business and is an expert on HIPAA, HITECH and EHR requirements. We have had the privilege of providing services to a multitude of clients in the healthcare industry, focused on providing innovative solutions designed to achieve compliance while enhancing the overall security posture for:

• Hospitals and Health Systems
• Health Plans
• Insurance Companies
• Academic Medical Centers
• Counties and Municipalities
• Government Organizations
• Other Services Providers

Using experience people, the best of breed tools and proven methodology Loricca Healthcare Solutions Group can provide a complete assessment, implementation, and management services for your healthcare organization.

Read more here on our HIPAA Toolkit.