Health IT Pulse

Jun 29 2012   3:18PM GMT

HIPAA audit process suddenly less mysterious as OCR releases template

Don Fluckinger Profile: Don Fluckinger

Tags:
HIPAA
HIPAA audits
HIPAA Compliance
OCR

The U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) – main enforcer of HIPAA patient data privacy and security laws – lifted the veil on its HIPAA audit process for health care providers, a program that went into effect earlier this year with 150 pilot providers up for audits in 2012.

In posting its proposed audit protocols, OCR indicated that its enforcement activity will focus on privacy, security and breach notification compliance programs HIPAA covered entities will have in place. Auditors will examine such documents as breach notification policies that define actions a covered entity will take once a breach is discovered, and delve into detailed matters such as how a covered entity manages an employee’s access to protected health data when he or she is promoted or transferred or retires – and how that differs from when an employee is terminated.

At the 2012 American Health Lawyers Association annual meeting, OCR senior advisor David Mayer discussed some early HIPAA audit experiences. The website JDSupra reports that Mayer related anecdotes of audited providers having little or no HIPAA compliance policies in place, and actually looked to auditors for guidance in setting them up.

Providers who want to steer clear of compliance issues can examine the protocols currently under development and see how their policies, procedures and technology to manage HIPAA compliance stacks up. Mayer said that as of late June, 20 covered entities had been audited, with a target of 95 more this year in the pilot program. Once the OCR publishes its HIPAA Omnibus Rule outlining enforcement procedures, then it will likely add business associate audits into the mix, too.

7  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Don Fluckinger
    #HIPAA audit process suddenly less mysterious as OCR releases template http://t.co/mOJzfVVe
    0 pointsBadges:
    report
  • EMRapproved.com
    #HIPAA audit process suddenly less mysterious as OCR releases template http://t.co/mOJzfVVe
    0 pointsBadges:
    report
  • SearchHealthIT
    #HIPAA audit process suddenly less mysterious as #OCR releases template. http://t.co/circOHmB #HITsm #HCSM #HealthIT
    0 pointsBadges:
    report
  • Jenny Laurello
    #HIPAA audit process suddenly less mysterious as #OCR releases template, says @DonFluckinger. http://t.co/9LL7z7KN #HITsm #HCSM #HealthIT
    0 pointsBadges:
    report
  • PAHCOM
    RT @donfluckinger: #HIPAA audit process suddenly less mysterious as OCR releases template http://t.co/L78nzOTa
    0 pointsBadges:
    report
  • Visible Health
    #HIPAA audit process suddenly less mysterious as #OCR releases template, says @DonFluckinger. http://t.co/9LL7z7KN #HITsm #HCSM #HealthIT
    0 pointsBadges:
    report
  • Cancer research firm upgrades virtual server backup system – TechTarget | Virtualisation Server
    [...] The HHS Office of Civil Rights (OCR), the rule’s author, has yet to reveal which specific pieces of HIPAA’s 2009 congressional makeover will take priority, but HIT leaders know that provisions of the law call for backup, disaster recovery (DR) and data access plans. Furthermore, federal inspections of those plans are part of OCR’s proposed HIPAA audit criteria. [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: