Matthew Jackson, Protiviti Director, Healthcare Technology and Kevin Dunnahoo, Protiviti Associate Director, Healthcare Technology
In 2017, the Office for Civil Rights (OCR) formally implemented an audit program whose subjects include a wide variety of healthcare organizations. Healthcare organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) will want to ensure they are prepared for audits of their HIPAA compliance. Enterprises may find themselves subject to a HIPAA audit following a breach or a complaint, but they could also be targeted randomly, as the OCR proactively seeks to identify recurring issues as well as industry best practices. This article lists specific violations uncovered in recent audits elsewhere as well as a checklist of tasks organizations should do to identify gaps in their HIPAA compliance.