HIPAA compliance audits could target VARs and MSPs as soon as October -- and the IT service providers will get no notice that the audits are coming, according to the Department of Health and Human Services.
Indeed, the department will start HIPAA compliance audits of business associates in October. Details about the potential audits surfaced during a HIPAA summit earlier this month, according to GovInfo Security.
Nearly 170 new HIPAA audits were underway as of July 2016, but those audits specifically targeted "covered entities," basically a term for healthcare providers. The new round of audits, coming in October, extends to so-called business associates. Under that definition, the audit list could include IT service providers and technology companies that support healthcare organizations.
According to GovInfo Security:
"Starting in October, OCR will notify 40 to 50 business associates that have been selected for an OCR HIPAA compliance 'desk,' or remote, audit. Unlike covered entities that earlier this year first received an email from OCR requesting verification of contact information in case they were chosen for an audit, business associates aren't getting any warning."
Organizations such as The Compliancy Group have been helping MSPs and other types of channel partners to safeguard their businesses from HIPAA issues. Still, organizations within and across the healthcare industry have been caught with their guard down.
Check out a list of the 10 largest HIPAA fines, and you'll notice some very familiar names from across the United States.