Filed Under:Health Insurance, Individual Health

Will you top the HIPAA audit candidate list?

HIPAA auditors could send the questionnaire to about 200
HIPAA auditors could send the questionnaire to about 200 "business associates" per year.

Federal regulators have completed work on a document that could terrify as many as a few dozen health insurance agents, brokers and consultants in the coming year: a "pre-audit screening questionnaire."

The Office for Civil Rights (OCR), an arm of the U.S. Department of Health and Human Services (HHS), is creating the questionnaire in connection with an effort to audit keepers and users of protected health information for compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) health data privacy and data security requirements.

See also: Phase 2 HIPAA audits

OCR officials developed the pre-audit screening questionnaire to help OCR decide whether entities are "eligible candidates for HIPAA compliance audits."

The entities that get the questionnaires "will provide basic descriptive information about their organization," OCR officials say in a statement describing the questionnaire. "They will provide information including, but not limited to, a verification of being a covered entity, the type of health care organization, the number of patients, members or transactions, their use of technology, their total revenue per fiscal year and other questions."

The HIPAA health information rules apply to "covered entities," such as hospitals and health insurance companies.

The rules also apply to the "business associates" of the covered entities. The "business associate" category can include almost any type of entity that handles protected health information, ranging from accounting firms to medical transcription firms to benefit plan administrators. Most health insurers that sell products such as major medical coverage, Medicare supplement insurance, dental insurance or long-term care insurance require agents to accept responsibility for meeting the business associate requirements.

See also: PwC: Why health data questions drive you crazy

HHS OCR officials have already been auditing the covered entities. OCR officials have been talking about starting to audit the business associates. They have given a little new information about the business associate auditing program in a federal paperwork review packet.

For a look at what officials are saying in the packet, read on.

Scared eyes

1. The likelihood of being chosen even to fill out the pre-screening questionnaire is low.

OCR officials expect to send the pre-screening questionnaire to only about 200 business associates per year, and the vast majority of the business associates will probably entities outside the insurance and benefits communities.

Officials did not say how big they think the universe of business associates is, but they estimated that there about 3 million entities in the covered entity universe. OCR officials expect to send only 500 pre-screening questionnaires to covered entities.

See also: Inspectors Blast CMS Health Data Oversight

Clock

2. Filling out the pre-screening questionnaire may not take that long.

OCR officials do not estimate how much time business owners who get a pre-screening questionnaire will spend tossing and turning in bed at night, and having nightmares about what exactly happens during a HIPAA Phase 2 compliance audit.

But officials estimate that filling the form itself should take a typical business associate entity only about half an hour.

See also: Do you live in fear of an IRS audit?

Rear view mirror

3. OCR officials will be using the questionnaire to get potentially sensitive information from you.

The first page of the questionnaire asks an entity to provide its name, the name of primary contact person at the entity, and the contact person's e-mail address, telephone number and mailing address.

It's conceivable that one risk of filling out the questionnaire is that the OCR investigators could get hacked: The U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) reported in December 2013 that OCR investigators were doing a poor job of protecting the data they were using in their own investigations.

Featured Video

Most Recent Videos

Behind the scenes with Vicki Gunvalson [VIDEO]

Provided by LIFEHEALTHPRO

In this exclusive interview, Vicki Gunvalson shares how she built a $15 million a year annuity business by planning for...

Regulator: Market may need to reinvent LTCI

Provided by LIFEHEALTHPRO

Cioppa says Maine's governor wants to spur the creation of better products.

Dementia: It's more than Alzheimer's

Provided by LIFEHEALTHPRO

An association calls for policymakers to remember lesser-known neurodegenerative conditions.

Protesters Disrupt WellPoint Annual Meeting

Provided by LIFEHEALTHPRO

Hecklers call for more disclosures of information about political contributions.

Related resources

More Resources

Comments

Power your business with up-to-the-minute insurance news, analysis, and best practices from LifeHealthPro Daily eNewsletter – FREE.

Power your business with LifeHealthPro Daily eNewsletter – FREE.

Enter a valid email address.
Close
Nichole Morford

Nichole Morford
Managing Editor

Thank you for subscribing to LifeHealthPro Daily!

Check Out More eNewsletters Now! Close

Advertisement. Closing in 15 seconds.