Wagner Header

The Wagner Law Group

The Wagner Law Group, A Professional Corporation, is a nationally recognized ERISA & employee benefits, estate planning, employment, labor & human resources practice. 

 

Established in 1996, The Wagner Law Group has 22 attorneys engaged exclusively in employee benefits, estate planning and employment law. Six of our attorneys are AV rated by Martindale-Hubbell as having very high to preeminent legal abilities and ethical standards. The firm is among the largest ERISA boutiques in the country. Our practice is national in scope, with clients in more than 40 states and several foreign countries.

 

 

 

 

Contact Info

The Wagner Law Group

 

  Integrity | Excellence

  

Boston 

Tel: (617) 357-5200 

Fax: (617) 357-5250 

99 Summer Street 

13th Floor

Boston, MA 02110


Palm Beach Gardens 

Tel: (561) 293-3590
Fax: (561) 293-3591
7108 Fairway Drive
Suite 125
Palm Beach Gardens, FL 33418

   

Tampa

Tel: (813) 603-2959

Fax: (813) 603-2961

101 East Kennedy Boulevard

Suite 2140
Tampa, FL  33602 

 

San Francisco

Tel: (415) 625-0002

Fax: (415) 358-8300

315 Montgomery Street

Suite 904

San Francisco, CA 94104

 

St. Louis

Tel: (314) 236-0065

Fax: (314) 236-5743
100 South 4th Street, Suite 550
St. Louis, MO  63102 

 

www.wagnerlawgroup.com

 

 

 

 

October 2, 2015

 

 Health and Welfare Law Alert

 

 

 

 HHS's Office of Civil Rights to Launch New Round of HIPAA Audits

  

 

 

 

The Department of Health and Human Services' Office of Civil Rights ("OCR") will begin audits early next year to gauge covered entities' compliance with HIPPA's security and privacy requirements for Protected Health Information ("PHI").

 

Background. HIPAA establishes standards for protecting individuals' PHI that is created, received, used or maintained by covered entities, including group health plans, and business associates. This standard requires that entities design, implement and enforce appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of PHI. OCR is responsible for enforcing this standard.

 

In 2012, OCR published an online, searchable audit protocol that mapped HIPAA's requirements. The audit protocol is a valuable tool that organizations can use to conduct internal assessments of compliance with key HIPAA requirements, including security policy development, security monitoring and detection, security governance and management, workforce training, incident response planning, and business associate conduct and contracts.

 

HIPAA Audits. OCR has confirmed that its HIPAA audits will target common compliance issues and include both onsite and remote "desk views." The audits will include covered entities and their business associates, which often provide data processing and management services to the organization.

 

OCR's HIPAA audits will also review whether organizations have conducted enterprise-wide risk assessments to identify their technical and procedural vulnerabilities, and whether those assessments are then translated into remediation strategies, as well as operational policies and employee training. In addition, OCR is almost certain to examine organizations' preparedness to detect, respond and recover from security incidents and data breaches.

 

Action Steps for Covered Entities. Covered entities should conduct comprehensive risk assessments to identify issues for remediation before the OCR audits begin. To this end, covered entities should consider retaining qualified outside assistance to provide an objective view and to help develop a comprehensive plan that addresses physical, technical and administrative safeguards, and prepare and begin implementation of remediation plans.

 

OCR's online audit protocol is available at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/protocol.html

  

 

 

 

This Newsletter is protected by copyright. Material appearing herein may be reproduced with appropriate credit.

 

This Newsletter is provided for information purposes by The Wagner Law Group to clients and others who may be interested in the subject matter, and may not be relied upon as specific legal advice.  This material is not to be construed as legal advice or legal opinions on specific facts. Under the Rules of the Supreme Judicial Court of Massachusetts, this material may be considered advertising.