First few Article Sentences
The 2009 HITECH Act mandated many changes to the HIPAA regulations. One such change requires the Office of Civil Rights (“OCR”) of the Department of Health and Human Services to conduct “periodic audits” on covered entities and business associates to ensure HIPAA compliance. OCR’s stated goal for the audits is to help covered entities and business associates improve compliance with the HIPAA Privacy and Security Rules. In furtherance of this goal, OCR plans to share best practices for HIPAA compliance that are learned through the Audit Program. No fines will directly result from the HIPAA audits, but OCR could initiate a separate investigation based on the audit findings.