In the months before a transition to a new administration, the Office for Civil Rights (OCR) released the long-awaited 2016-2017 HIPAA Audits Industry Report, offering a look at the successes and shortcomings of select covered entities (CE) and business associates (BA).
Among the major takeaways: Eighty-nine percent of the audited CEs failed to show they were correctly implementing the individual right of access.
To provide an extra layer of analysis, OCR created a rating system to show varying degrees of compliance, with a 1 rating representing the highest level of compliance and a 5 rating representing the lowest. Only one audited CE received a 1 rating for its access implementation. The majority of CEs (78%) received either a 4 or 5 rating.