HHS Announces HIPAA Audit Program Will Resume

January 24, 2025

The U.S. Department of Health and Human Services (HHS) recently updated its HIPAA enforcement website to announce the start of its 2024-25 audit program. HIPAA is enforced by HHS’ Office for Civil Rights (OCR). According to OCR, the 2024-25 HIPAA audits will review 50 covered entities’ and business associates’ (collectively called regulated entities) compliance with selected provisions of the HIPAA Security Rule most relevant to hacking and ransomware attacks. 

This is a significant compliance step for OCR, which has not utilized its HIPAA audit program since 2016-17 due to a lack of financial resources. HIPAA audits are primarily a compliance improvement activity; however, if an audit reveals a serious compliance issue, OCR may initiate a compliance review of the regulated entity to investigate.

  • HHS has announced that its HIPAA audit program will resume. 
  • Fifty covered entities and business associates will be selected for an audit. 
  • The audits will focus on selected provisions of the HIPAA Security Rule most relevant to hacking and ransomware attacks.
  • Although HIPAA audits are primarily a compliance improvement activity, HHS may investigate a regulated entity if an audit reveals a serious compliance issue.

