A New Round of HIPAA Audits Coming in 2016: Is Your Company Prepared?

| Dec 2, 2015 | Practice Areas, Regulatory Compliance, U.S. Private and Emerging Business |


The more pervasive use of technology by healthcare institutions comes with the need for greater protection of personal information. This is especially true for institutions that directly handle the health care information of the general public or have a branch of their organization that does so. In 2016, the Department of Health and Human Services (DHHS) will review the effectiveness of its own protocols and mechanisms for protecting the personal health information of the public. The Office for Civil Rights (OCR), a division of the DHHS, will be in charge of conducting the audits. The OCR has budgeted 43 million dollars in 2016, an increase of 4 million dollars over the 2015 budget, to carry out this plan. The additional funds will be used to conduct audits to ensure greater privacy protection in the health care industry, to check that all of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules and regulations are being followed, and to determine whether greater measures need to be implemented to protect patient privacy.

The Office for Civil Rights is responsible for enforcing all of the rules regarding HIPAA, including security, privacy and breach notifications. The OCR will develop all of the regulations and policies and will offer guidance in ensuring that all measures are being taken to protect the privacy of all patients. The office will also provide technical assistance as needed to safeguard the standards set by HIPAA. When complaints are filed, it is the responsibility of the OCR to investigate each complaint. The OCR will be permitted to impose fines on those who are not following the guidelines set forth by HIPAA. In 2014, the Office for Civil Rights settled 15,000 complaints for HIPAA violations and collected 8 million dollars in fines. In 2015, the OCR is predicting that it will collect 5.5 million in fines. Fewer complaints were received in 2015 by the OCR. This could be due to more businesses implementing more effective ways of ensuring patient privacy.

The new 2016 audit compliance program is sure to cause challenges for companies that receive notification that they will be receiving a HIPAA audit. Organizations that are included in the new audit program include hospitals, health care providers, health insurance providers and businesses that handle health care data of the general public. The Office for Civil Rights is planning on conducting between 200 and 300 audits in 2016. The main focus of the audits is going to be on the way patients retrieve and acquire their data, along with notification policies. The Office for Civil Rights will also be scrutinizing security breach and notification rules to determine if precautions are being taken and how they are being executed to confirm the safety of electronic data and encryption devices.

In the wake of several recent high-profile credit card breaches, the government is working hard to guarantee the privacy of all patient medical information. The goal is that the 2016 audit plan is a step toward confirming that the privacy of every patient is protected, beginning with the health care plan provider and continuing on to every piece of equipment that is used to perform necessary tests that collect electronic data. Consult your legal counsel to determine how your company or institution may be affected by these new efforts.

