OCR Undecided on Including BAs in HIPAA Audits

The Office for Civil Rights will work with contractor KPMG to develop audit protocols for business associates. If the test audits return positive results, OCR says it will launch a full range of onsite audits and an evaluation process.

2 comments on "OCR Undecided on Including BAs in HIPAA Audits"
Daniel W Berger (8/6/2011 at 1:15 PM)

Business Associates are most often the largest "surface area" of ePHI breach risk in hospitals. We highly recommend that OCR include BA's in their HIPAA audit program. In fact, this would be one of the most important things OCR do to assist hospitals with maintaining HIPAA compliance and safeguarding ePHI. It helps the hospitals hold their BA's more accountable.
Mark Meade (8/5/2011 at 10:41 AM)

With over 39% of work age Americans not having jobs ,unemployment figures only count those actively seeking work, the government is going on a crusade against business over HIPPA privacy laws. This is the same government that refuses to prosecute violators who publish medical information claiming freedom of the press. One could draw a parallel to arresting homeowners who have been burglarized for allowing a thief to rob them.


FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2015 a division of BLR All rights reserved.