HHS Publishes Roadmap for HIPAA Audits .

Epstein Becker & Green
Contact
LinkedIn
Facebook
X
Send
Embed

One of the less well-known provisions of the Health Information Technology for Economic and Clinical Health (or "HITECH") Act[1] is the requirement that the U.S. Department of Health and Human Services ("HHS") periodically conduct audits to ensure that Covered Entities[2] and their Business Associates[3] are complying with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").[4] In November 2011, the HHS Office for Civil Rights ("OCR") launched the pilot phase of its HIPAA compliance audit program ("Audit Program"), selecting 115 entities nationwide to undergo privacy and security audits. While the pilot phase is not scheduled to wind up until December 2012, OCR recently made the protocol[5] guiding these compliance audits publicly available. By identifying individual areas of evaluation, defining the applicable performance criteria, and specifying how auditors will assess compliance with each, the protocol provides a comprehensive and extremely useful roadmap for entities anticipating an OCR audit and all other entities seeking to ensure HIPAA compliance. All Covered Entities and Business Associates should take note, as OCR recently announced that the Audit Program will likely continue through 2014.

Background of the Audit Program -

The Audit Program analyzes processes, controls, and policies of entities covered by HIPAA in order to assess compliance efforts, identify best practices, and discover key areas of risk and vulnerability. Although OCR reserves the right to launch a formal investigation if an audit reveals a serious compliance problem, OCR has also stated that such investigations are not the goal of the Audit Program. By the end of 2012, OCR expects to complete its audit of the 115 entities involved in the pilot phase, all of which have already been notified and are defined by HIPAA as "Covered Entities." As indicated above, OCR has announced that the Audit Program will likely continue following the pilot phase, at which point it will probably be expanded to include Business Associates of Covered Entities.

Please see full publication below for more information.

View PDF
Download PDF [66KB]
Email
Report

LOADING PDF: If there are any problems, click here to download the file.
Send Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Epstein Becker & Green | Attorney Advertising

Written by:

Epstein Becker & Green
Epstein Becker & Green
Contact
more
less

Epstein Becker & Green on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide