OCR Releases HIPAA Audit Protocol
The Office for Civil Rights (OCR) released on June 26 a protocol for a Health Insurance Portability and Accountability Act (HIPAA) audit program that is already underway. Mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, the OCR piloted the program in November 2011 and will continue audits until the end of the year.The OCR will perform 115 audits of HIPAA-covered entities before all is said and done. The audits will assess a covered entity’s compliance with:
- Privacy Rule requirements for personal health information (PHI);
- Security Rule requirements for administrative, physical, and technical safeguards; and
- Requirements for the Breach Notification Rule.
The audit protocol is available for public review and searchable by keyword(s) in a table on the OCR website.