Received a Friendly Questionnaire from OCR?

Provided by: Jennifer Kirschenbaum, Esq.

Marh 27, 2018

Question:

Hi Jennifer,

I have been contacted by OCR via email, and they sent me a questionnaire, should I answer it?

Thanks, Dr. O

Answer:

Good question, always best to check. The Office for Civil Rights (OCR), as we know, are the HIPAA Police - the arm of the Federal Government responsible for enforcing HIPAA compliance on covered entities. The email you received is part of Phase 2 of OCR's Audit Program. If "Phase 2" sounds ominous, that is because the questionnaires going out are data collection to create a pool for audit. If this sounds like preparation for invasion, your interpretation is not too far off. OCR plans to use the data to create potential audit targets for a full scale assessment of compliance. Questions will cover information such as the size of your practice, type and operations - specifically with regards to your technical, physical and administrative safeguards in place to protect patient protected health information. Here is an overview of Phase 2 - https://www.hhs.gov/sites/default/files/OCRDeskAuditOpeningMeetingWebinar.pdf.

If you're thinking deleting or ignoring an email from OCR will keep you off the radar, well, that is just ridiculous. The reality is you would likely be selected regardless, except OR unless you provided such stellar proof of compliance pre-audit you are checked off the list. Now, of course not every covered entity is going to be audited by OCR. But, if you are selected and you do not have in place the required policies and procedures you may be subject to substantial monetary fines.

We all know we need protections in place when it comes to patient privacy - now the agency in charge is actively auditing, on top of already being one of the most accessible agencies for patient and employee reporting/whistle-blowing.

How do you pass the questionnaire?  Get your compliance in place (Security Policy at a minimum - conduct your Security Risk Assessment - click here and create your action plan) and work with counsel to respond if selected for inquiry or audit by OCR.

For our HIPAA policies and procedures, click here - http://www.healthcarepracticecompliance.com/.

Ask us a question

Jennifer Kirschenbaum, Esq. Partner

Ask us your questions. We will help if we can & let you know before any charge is incurred.

Jennifer@kirschenbaumesq.com

Educational Webinars

A discussion on Market impact to practice

Preparing for PPP Forgiveness and Patient Care Impacts with Covid 19

Looking for the KK Healthcare Exchange? Click Here.

MISSED OUR RECENT WEBINARS? CLICK HERE ANYTIME!

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com

Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!