Initial HIPAA audit results released


Earlier this month, OCR revealed some preliminary results of these pilot audits at a National Institute of Standards and Technology conference. OCR presented audit results for 20 covered entities. The audits revealed a number of common issues, including the following:

- Lack of written policies and procedures
- Missing business associate contracts
- Improper use and disclosure of information concerning deceased patients
- Failure to verify the identity of the person requesting health information
- Improper disclosures in response to judicial subpoenas and administrative requests
- Denials of patients’ access to their own records
- Lack of ongoing privacy training
- Minimal monitoring of employees’ access to electronic patient records
- Lack of contingency plans in cases of emergencies in order to access electronic records

Have questions? I’m here to help.