HIPAA Audit Protocols Released

This year, 115 audits will take place under a new pilot program designed to ensure compliance with HIPAA.  Any entity subject to HIPAA is subject to audit, and the program will likely expand substantially in 2013.  As a result, all healthcare professionals need to be concerned about HIPAA audits.

Beginning in 2013, DHS will include business associates in their audit procedures.  This means that businesses engaged in service contracts with healthcare entities should evaluate their potential eligibility for audit.

DHS has recently released its HIPAA audit protocol (available here).  The audit protocol is highly comprehensive and addresses the full spectrum of HIPAA concerns. It includes modules to measure compliance with seven separate requirements under the Privacy Rule, as well as requirements for technical, physical, and administrative safeguards under the Security Rule.  The protocol also includes modules designed to measure compliance with the requirements of the Breach Notification Rule.  Healthcare organizations should regularly engage in “practice” audits to ensure that they comply with all of these requirements.  The release of these protocols will be a valuable tool in ensuring that practice audits are sufficiently rigorous and focused to provide meaningful results.

© 2012 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com