Utilizing the HIPAA audit protocols as a compliance tool By Kimberly J. Gold

Originally published in Compliance Today on December 1, 2012.

..Covered entities are now subject to privacy and security audits by OCR.

..OCR published audit protocols regarding its standards for such audits.

..The audit protocols cover the HIPAA Privacy Rule, Security Rule, and Breach Notification requirements.

..Policies and procedures and documentation are of utmost importance to auditors.

..The audit protocols should be used as a compliance tool.

In order to ensure that covered entities comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and Breach Notification requirements, and as mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH), the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has begun performing privacy and security audits of covered entities. OCR initiated a pilot audit program to perform 115 audits of covered entities between November 2011 and December 2012, and this pilot program has helped OCR refine the HIPAA requirements that it will assess during its audits. In June 2012, OCR published audit protocols that provide more clarity on auditors’ standards for performing HIPAA compliance audits of covered entities and business associates.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin - Health Law & Policy Matters | Attorney Advertising

Written by:


Mintz Levin - Health Law & Policy Matters on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.