Health Care Law Blog

Newly Released Audit Protocol Serves as Guidance for Compliance Programs

The Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), passed in 2009, imposed new requirements on health care providers (among others) related to the privacy and security of Protected Health Information ("PHI").  Included in the HITECH Act's requirements was a mandate that the Department of Health and Human Services’ ("HHS") Office for Civil Rights ("OCR") conduct audits to analyze the processes, controls and policies of certain covered entities.  The pilot program for such audits began in 2011 and will conclude in December, 2012.

Recently, HHS and OCR unveiled their Health Insurance Portability and Accountability Act ("HIPAA") audit protocol (the "Protocol"), which outlined the requirements to be assessed through the audits.  (The Protocol can be accessed on HHS' website.)  The Protocol addressed requirements for the HIPAA Security Rule and HITECH Breach Notification Rule.  Additionally, the Protocol covered the HIPAA Privacy Rule's requirements for the following:

  • Notice of Privacy Practices for PHI;
  • Rights to Request Privacy Protection for PHI;
  • Access of individuals to PHI;
  • Administrative Requirements;
  • Uses and Disclosures of PHI;
  • Amendment of PHI; and
  • Accounting of disclosures.

Of particular relevance, the Protocol identifies the procedures and questions on which auditors should focus when conducting HIPAA audits.  In doing this, the Protocol emphasizes the issues of particular importance to OCR and reveals areas of potential compliance enforcement concentration.  It also serves as a guideline for health providers to use when reviewing and updating their compliance programs.

In addition to aiding compliance efforts, the Protocol may also help health care providers avoid significant financial penalties. One of the HITECH Act's most daunting provisions greatly increased penalties for HIPAA violations occurring after February, 2009. The civil money penalties for violating HIPAA privacy standards, which were previously set at $100 per violation with an annual cap of $25,000, have been increased to $50,000 per violation with an annual $1,500,000 cap.

For more information about how to utilize the audit Protocol to update and streamline your compliance program, please contact one of Foster Swift’s health care law experts.
