On June 26, the U.S. Department of Health and Human Services Office for Civil Rights posted on its website the protocol it intends to use to audit health care providers, health plans and health care clearing houses for compliance with the Health Insurance Portability and Accountability Act of 1996. The new audit protocol is extremely detailed and comprehensive. The audit protocol not only sets forth, for the first time, detailed steps for entities to follow in their efforts to comply with HIPAA, but also announces a shift in the governments historical approach towards HIPAA enforcement. While in the past HIPAA enforcement has been largely reactive in response to complaints and other violations, OCRs audit protocol evinces a shift toward proactive investigation in the form of audits, including disclosure of audit findings and best practices for the benefit of the health care industry at large.
What it Is
HIPAA is a federal law that establishes protections for the privacy and security of personal health information and sets forth notification requirements in the event the privacy and security requirements are breached. In 2009, under the Health Information Technology for Economic and Clinical Health Act, which was enacted as part of the American Recovery and Reinvestment Act, HHS was required to provide for periodic audits to ensure HIPAA compliance by covered entities. To implement this mandate, in late 2011, OCR implemented a pilot program in which it would perform an expected 115 audits of selected covered entities to assess compliance with HIPAA Privacy, Security and Breach Notification Rules. HHS awarded KPMG a $9.2 million contract to implement the pilot program, including developing and refining an audit protocol and identifying covered entities which would be subject to audit under the pilot program. The audit protocol that was issued this summer provides covered entities with welcome insight into the factors that auditors consider in assessing HIPAA compliance.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]