OCR moving from retroactive to proactive HIPAA auditing

Twitter icon
Facebook icon
LinkedIn icon
e-mail icon
Google icon

The Department of Health and Human Services' Office of Civil Rights (OCR) is planning to move forward with its proactive HIPAA audits of business associates and covered entities, according to a report from The National Law Review.

In the past, OCR conducted audits of covered entities when organizations submitted breach reports. Going forward, OCR plans to periodically conduct random audits to ensure continued compliance with HIPAA's security rule.

According to the report, initial audits will consist of "desk audits" in which OCR will ask entities to submit security policies and procedures for review but some in-person audits may occur.