Over the last couple of years, the Department of Health and Human Services (HHS) conducted “desk audits” of 166 covered entities and 41 business associates. These audits focused on select HIPAA privacy, security and breach notification requirements. HHS has not released its official findings from the audits yet, but it has identified serious compliance gaps in the following areas:

Employers that sponsor group health plans should periodically review their compliance with HIPAA rules, including whether their security analysis and risk management for electronic PHI is up to date. Employers should also watch for more guidance from HHS on these compliance requirements.


Information provided by HR360, the award-winning online HR library featuring easy-to-understand guidance on federal and state labor laws and Health Care Reform along with interactive HR tools and hundreds of forms and posters. The information and materials herein are provided for general information purposes only and are not intended to constitute legal or other advice or opinions on any specific matters and are not intended to replace the advice of a qualified attorney, plan provider or other professional advisor. This information has been taken from sources which we believe to be reliable, but there is no guarantee as to its accuracy.