The Wagner Law Group
Wagner Law Group, A Professional Corporation, is a nationally
recognized ERISA & employee benefits, estate planning,
employment, labor & human resources practice.
in 1996, The Wagner Law Group has 22 attorneys engaged
exclusively in employee benefits, estate planning and
employment law. Six of our attorneys are AV rated by
Martindale-Hubbell as having very high to preeminent legal abilities
and ethical standards. The firm is among the largest ERISA boutiques
in the country. Our practice is national in scope, with clients in
more than 40 states and several foreign countries.
October 2, 2015
Health and Welfare Law
HHS's Office of Civil Rights to Launch New
Round of HIPAA Audits
The Department of Health and Human Services' Office of Civil Rights
("OCR") will begin audits early next year to gauge covered
entities' compliance with HIPAA's security and privacy requirements
for Protected Health Information ("PHI").
Background. HIPAA establishes standards for protecting
individuals' PHI that is created, received, used or maintained by
covered entities, including group health plans, and business
associates. This standard requires that entities design, implement
and enforce appropriate administrative, physical, and technical
safeguards to ensure the confidentiality, integrity, and security of
PHI. OCR is responsible for enforcing this standard.
OCR published an online, searchable audit protocol that mapped
HIPAA's requirements. The audit protocol is a valuable tool that
organizations can use to conduct internal assessments of compliance
with key HIPAA requirements, including security policy development,
security monitoring and detection, security governance and
management, workforce training, incident response planning, and
business associate conduct and contracts.
Audits. OCR has confirmed that
its HIPAA audits will target common compliance issues and include
both onsite and remote "desk views." The audits will
include covered entities and their business associates, which often
provide data processing and management services to the organization.
HIPAA audits will also review whether organizations have conducted
enterprise-wide risk assessments to identify their technical and
procedural vulnerabilities, and whether those assessments are then
translated into remediation strategies, as well as operational
policies and employee training. In addition, OCR is almost certain to
examine organizations' preparedness to detect, respond to, and recover
from security incidents and data breaches.
Steps for Covered Entities.
Covered entities should conduct comprehensive risk assessments to
identify issues for remediation before the OCR audits begin. To this
end, covered entities should consider retaining qualified outside
assistance to provide an objective view and to help develop a
comprehensive plan that addresses physical, technical and
administrative safeguards, and prepare and begin implementation of