Survey: Many Health Care Organizations Not Ready for HIPAA Audits


A majority of health care organizations are not fully prepared for federal audits that test compliance with HIPAA privacy and security rules, according to a survey conducted by HCPro, Becker's Hospital Review reports (Fields, Becker's Hospital Review, 12/2).

The more than 400 survey respondents included health information management directors and compliance officers.


The HHS Office for Civil Rights hired the contractor KPMG earlier this year to audit covered entities and business associates for HIPAA compliance.

Some of the goals of the audits are to determine how many organizations would comply with HIPAA by Dec. 31, 2012, and to help produce corrective action plans regarding HIPAA privacy and security compliance (Nicastro, HealthLeaders Media, 12/2).

The office plans to conduct as many as 150 audits by the end of 2012 (iHealthBeat, 11/9).

Key Findings

Only 17% of survey respondents said they were fully prepared for OCR's audits.

Seventy percent said they were "somewhat prepared" for the audits (Becker's Hospital Review, 12/2).

Survey respondents pointed to several reasons why they were not fully ready for HIPAA compliance audits, including a lack of commitment to HIPAA compliance by senior management (HealthLeaders Media, 12/2).

to share your thoughts on this article.