After increasing funding and oversight of healthcare providers’ management of PHI, the Office of Civil Rights, the Federal organization charged with this responsibility, will expand its HIPAA audit program substantially.

General Authorities: OCR administers and enforces the HIPAA Privacy, Security, and Breach Notification Rules. OCR is responsible for policy development through the issuance of regulations and guidance. OCR also provides outreach and technical assistance to the regulated community to ensure covered entities and business associates understand their compliance obligations and to the public to increase individuals’ awareness of their HIPAA rights and protections. OCR enforces the HIPAA Rules by investigating complaints and conducting compliance reviews of alleged violations of the HIPAA Rules, providing technical assistance and obtaining corrective actions, as well as entering into resolution agreements or issuing civil monetary penalties, where appropriate. OCR resolved more than 15,000 complaints of alleged HIPAA violations in FY 2014.

HIPAA Audit Program: The HITECH Act mandates that OCR conduct periodic audits to assess entity compliance with HIPAA. OCR conducted a pilot program to ensure that its audit functions could be performed in the most efficient and effective way, and in FY 2015 will continue designing, testing, and implementing its audit function to measure compliance with privacy, security, and breach notification requirements. OCR plans to conduct comprehensive and desk audits of covered entities and business associates. Audits are a proactive approach to evaluating and ensuring HIPAA privacy and security compliance.

RingRx communications solutions help you ensure compliance of HIPAA by protecting PHI created during telecommunications.