News Stay informed about the latest enterprise technology news and product updates.

HIPAA audit process suddenly less mysterious as OCR releases template

The U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) – main enforcer of HIPAA patient data privacy and security laws – lifted the veil on its HIPAA audit process for health care providers, a program that went into effect earlier this year with 150 pilot providers up for audits in 2012.

In posting its proposed audit protocols, OCR indicated that its enforcement activity will focus on privacy, security and breach notification compliance programs HIPAA covered entities will have in place. Auditors will examine such documents as breach notification policies that define actions a covered entity will take once a breach is discovered, and delve into detailed matters such as how a covered entity manages an employee’s access to protected health data when he or she is promoted or transferred or retires – and how that differs from when an employee is terminated.

At the 2012 American Health Lawyers Association annual meeting, OCR senior advisor David Mayer discussed some early HIPAA audit experiences. The website JDSupra reports that Mayer related anecdotes of audited providers having little or no HIPAA compliance policies in place, and actually looked to auditors for guidance in setting them up.

Providers who want to steer clear of compliance issues can examine the protocols currently under development and see how their policies, procedures and technology to manage HIPAA compliance stacks up. Mayer said that as of late June, 20 covered entities had been audited, with a target of 95 more this year in the pilot program. Once the OCR publishes its HIPAA Omnibus Rule outlining enforcement procedures, then it will likely add business associate audits into the mix, too.

Join the conversation

7 comments

Send me notifications when other members comment.

Please create a username to comment.

#HIPAA audit process suddenly less mysterious as OCR releases template http://t.co/mOJzfVVe
Cancel
#HIPAA audit process suddenly less mysterious as OCR releases template http://t.co/mOJzfVVe
Cancel
#HIPAA audit process suddenly less mysterious as #OCR releases template. http://t.co/circOHmB #HITsm #HCSM #HealthIT
Cancel
#HIPAA audit process suddenly less mysterious as #OCR releases template, says @DonFluckinger. http://t.co/9LL7z7KN #HITsm #HCSM #HealthIT
Cancel
RT @donfluckinger: #HIPAA audit process suddenly less mysterious as OCR releases template http://t.co/L78nzOTa
Cancel
#HIPAA audit process suddenly less mysterious as #OCR releases template, says @DonFluckinger. http://t.co/9LL7z7KN #HITsm #HCSM #HealthIT
Cancel
[...] The HHS Office of Civil Rights (OCR), the rule’s author, has yet to reveal which specific pieces of HIPAA’s 2009 congressional makeover will take priority, but HIT leaders know that provisions of the law call for backup, disaster recovery (DR) and data access plans. Furthermore, federal inspections of those plans are part of OCR’s proposed HIPAA audit criteria. [...]
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close