OCR Continues to Ramp Up for Audits

June 20, 2014 David Holtzman

Office for Civil Rights Seeks a Senior Auditor


Earlier this year OCR announced that they are launching the HIPAA/HITECH Audit Program this year and have been ramping up efforts to kick off the program. They added staff to execute the audits, announced the scope of the next phase and now are taking another step towards launching Phase II by inviting applications to fill the position of a new Senior Auditor to lead the project. What is interesting is that the posting on the government’s online “Help Wanted” bulletin board, describes the position as a “temporary detail”, not to exceed 120 days at the “GS-15” level.

“Details” are commonly used in the federal government to fill positions on a temporary basis through “detailing” an employee from another agency or office within the same department, usually with the permission of their senior management. Generally, the person selected for the detail returns to their home agency at the end of the detail, although they could be considered to have a leg-up if the position they filled on the detail is posted to fill the vacancy of the permanent civil service position. Federal employees often look at details as a chance to try their skills at something new or to expand their career horizons without risking their status as a career civil servant.

With that said, it is curious that OCR would put the reins of such a high stakes, visible program into the hands of someone who could be out the door in just four months after his or her arrival. Unanswered is how the program will be administered with staff level employees or if it will rely on contractors working under the direction of OCR leadership. We are also left wondering what type of leadership will the program have after the end of the 120 day detail. Only time will tell.

OCR is being very loud and clear that they are ready to execute the new audit program and will be auditing several more organizations than they did during the pilot program. In the meantime, covered entities should continue to comply with HIPAA regulations and take the necessary steps to prepare for the next round of audits.

Previous Article
Is an Online Risk Analysis That Pays for Fines & Penalties a Bad Bet?
Is an Online Risk Analysis That Pays for Fines & Penalties a Bad Bet?

A recent marketing come-on to healthcare practices and business associates from a company that provides an ...

Next Article
OIG Calls for Tighter Controls on PHI Sent to Offshore Vendors
OIG Calls for Tighter Controls on PHI Sent to Offshore Vendors

Report to OCR and CMS Says Reliance on BA Agreements is Not Enough Healthcare, like many other industries, ...


Subscribe to Cyber Bulletins with the Latest News, Tips and More!

First Name
Last Name
Join Our Mailing List
Thank you!
Error - something went wrong!