HHS Announces HIPAA Compliance Review Program
On March 25, 2019, HHS announced the launch of the Compliance Review Program. In April 2019, HHS will randomly select nine covered entities (five health plans and four clearinghouses) for a review of their compliance with the HIPAA administrative simplification rules for electronic health care transactions. This is a follow-up to the 2018 pilot program, which included health plan and clearinghouse volunteers.
Specifically, the program will review compliance with the rules related to electronic transactions, code sets, unique identifiers, and operating rules. If the entity is not in compliance, HHS will work with the entity to resolve. If the noncompliance continues, HHS may increase enforcement action. If there is willful and egregious noncompliance, monetary penalties may be assessed.
The announcement shows the continued efforts of HHS to enforce the HIPAA privacy and security rules. Employers who sponsor a group health plan, whether fully insured or self-insured, have responsibilities under those rules including identifying a privacy official, conducting a risk analysis, training workforce members, maintaining written policies and procedures, and safeguarding protected health information.
To learn more about a plan sponsor’s responsibilities, please view the NFP archived webinar entitled “Make a Resolution to Comply with HIPAA.”