October 3, 2018

Critical HIPAA Compliance Gaps Exposed by HHS

Over the last couple of years, the Department of Health and Human Services (HHS) conducted “desk audits” of 166 covered entities and 41 business associates. These audits focused on select HIPAA privacy, security and breach notification requirements. HHS has not released its official findings from the audits yet, but it has identified serious compliance gaps in the following areas:

  • Security risk analysis
  • Security risk management
  • Right of access to protected health information (PHI)

Employers that sponsor group health plans should periodically review their compliance with HIPAA rules, including whether their security analysis and risk management for electronic PHI is up to date. Employers should also watch for more guidance from HHS on these compliance requirements.

Want to learn more? Start a conversation with us

Our mission is to help clients protect assets and enhance employee outcomes through the delivery of exceptional risk management and employee benefit consulting services and products.

Copyright © 2024 The Fedeli Group