The Department of Health & Human Services (HHS) is required under Section 13411 of the HITECH Act to conduct periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To implement this mandate, HHS’ Office for Civil Rights (responsible for enforcing the HIPAA Privacy and Security Rules) piloted an audit program of covered entities to assess privacy and security compliance. The OCR HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR has now published audit protocols for HIPAA Security and HIPAA Privacy and Breach. The protocols may be found at: http://ocrnotifications.hhs.gov/hipaa.html. The audit protocols cover Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures. The protocols also cover Security Rule requirements for administrative, physical, and technical safeguards. In addition, the protocols cover requirements for the Breach Notification Rule. Covered entities and business associates should review the OCR protocols and self-assess their data privacy and security program against them to better assess their own HIPAA compliance and implement enhancements or corrective actions that may be necessary to improve their programs.
OCR releases audit protocols for HIPAA security, privacy and breaches