HHS Announces HIPAA Audit Program Will Resume

January 24, 2025

The U.S. Department of Health and Human Services (HHS) recently updated its HIPAA enforcement website to announce the start of its 2024-25 audit program. HIPAA is enforced by HHS’ Office for Civil Rights (OCR). According to OCR, the 2024-25 HIPAA audits will review the compliance of 50 covered entities and business associates (collectively called regulated entities) with selected provisions of the HIPAA Security Rule most relevant to hacking and ransomware attacks.

This is a significant compliance step for OCR, which has not utilized its HIPAA audit program since 2016-17 due to a lack of financial resources. HIPAA audits are primarily a compliance improvement activity; however, if an audit reveals a serious compliance issue, OCR may initiate a compliance review of the regulated entity to investigate.

  • HHS has announced that its HIPAA audit program will resume. 
  • Fifty covered entities and business associates will be selected for an audit. 
  • The audits will focus on selected provisions of the HIPAA Security Rule most relevant to hacking and ransomware attacks.
  • Although HIPAA audits are primarily a compliance improvement activity, HHS may investigate a regulated entity if an audit reveals a serious compliance issue.

