Healthcare & Business Associates: Prepare for 2017 HIPAA Audits


Calling all healthcare organizations, providers, hospitals and business associates - are you ready for the HIPAA security audits coming in 2017?

The Office for Civil Rights (OCR), the governing body that enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will be conducting a small number of onsite and desk audits, and contacted 167 healthcare providers and 48 business associates last year, according to

Business associates include vendors that provide services to healthcare organizations, and may be held liable for a breach of healthcare patient data or security. Examples of business associate services include legal, actuarial, consulting, accounting, data aggregation and financial services. Learn more about business associates.

The OCR will launch its full audit program to help assess HIPAA compliance efforts and discover new security risks in order to provide better guidance for healthcare organizations and business associates. The OCR is looking for policies and procedures related to the HIPAA Privacy, Security and Breach Notification rules. See specifics about each area, and what the OCR is looking for, in its audit protocol.

Learn more about two major problem areas the OCR has seen in past audits in this blog by Duo’s Thu Pham.