
Newly Released Audit Protocol Serves as Guidance for Compliance Programs

The Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), passed in 2009, imposed new requirements on health care providers (among others) related to the privacy and security of Protected Health Information ("PHI").  Included in the HITECH Act's requirements was a mandate that the Department of Health and Human Services’ ("HHS") Office for Civil Rights ("OCR") conduct audits to analyze the processes, controls and policies of certain covered entities.  The pilot program for such audits began in 2011 and will conclude in December, 2012.

Recently, HHS and OCR unveiled their Health Insurance Portability and Accountability Act ("HIPAA") audit protocol (the "Protocol"), which outlined the requirements to be assessed through the audits.  (The Protocol can be accessed on HHS' website.)  The Protocol addressed requirements for the HIPAA Security Rule and HITECH Breach Notification Rule.  Additionally, the Protocol covered the HIPAA Privacy Rule's requirements for the following:

  • Notice of Privacy Practices for PHI;
  • Rights to Request Privacy Protection for PHI;
  • Access of individuals to PHI;
  • Administrative Requirements;
  • Uses and Disclosures of PHI;
  • Amendment of PHI; and
  • Accounting of disclosures.

Of particular relevance, the Protocol identifies the procedures and questions on which auditors should focus when conducting HIPAA audits.  In doing this, the Protocol emphasizes the issues of particular importance to OCR and reveals areas of potential compliance enforcement concentration.  It also serves as a guideline for health providers to use when reviewing and updating their compliance programs.

In addition to aiding compliance efforts, the Protocol may also help health care providers avoid significant financial penalties. One of the HITECH Act's most daunting provisions greatly increased penalties for HIPAA violations occurring after February, 2009. The civil money penalties for violating HIPAA privacy standards, which were previously set at $100 per violation with an annual cap of $25,000, have been increased to $50,000 per violation with an annual $1,500,000 cap.

For more information about how to utilize the audit Protocol to update and streamline your compliance program, please contact one of Foster Swift’s health care law experts.

Categories: Compliance, HIPAA, HITECH Act, Hospitals, Physicians, Regulatory

Photo of Mindi M. Johnson

With a business-minded approach, and service-oriented delivery, Mindi helps clients navigate challenges and solve problems in the areas of employee benefits law and health care law. Mindi has spoken and written extensively on employee benefits, health care reform, and health care law topics, and is actively involved in a number of legal, professional and industry organizations focused on these issues.
