At Last, Results of HIPAA Compliance Audit Program Revealed
Gov Info Security
Marianne Kolbasuk McGee
A long-overdue report on findings from a HIPAA compliance audit program conducted in 2016 and 2017 illustrates shortcomings that, unfortunately, are still common today. Those include the failure to conduct a security risk analysis and the failure to give patients access to their records.
Those shortcomings found in remote "desk audits" of 166 covered entities and 41 business associates are still often cited by the Department of Health and Human Services in its Office for Civil Rights' breach investigations.
It's not clear if the long-dormant HIPAA compliance audit program could be revived under the Biden administration. HHS OCR did not immediately respond to an Information Security Media Group request for comment on the belated release of the audit report and plans for an audit program moving forward.
Under the HITECH Act, HHS is required to...