Health Law Alert: SPECIAL FOCUS: HIPAA/PRIVACY: Recently Released HIPAA Audit Protocol Offers Insight As to Audit Priorities, Best Practices


Covered Entities and Business Associates may be breathing a little easier lately, after the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made public the detailed audit protocols used by KPMG during the first round of random audits. The protocols contain some surprises, but, at a minimum, their publication ends what had been a nonpublic process. Covered entities and business associates alike should review the protocols even if they were not selected for an audit during this past cycle; the protocols offer some surprising indications of government enforcement priorities and provide a fairly granular "road map" of HHS OCR's interests.

The protocols are substantial – 77 individual entries dealing with HIPAA security and 88 individual entries dealing with Privacy and Breach. They are also somewhat difficult to review in detail on OCR's website – each entry is truncated in the main display and must be "clicked on" before the full text is displayed. In an "unofficial" version prepared by the authors, available at [PDF], the protocols are presented in a more usable format and have been edited stylistically for space purposes.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Baker Donelson | Attorney Advertising

Written by:


Baker Donelson on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.