Starting this month, healthcare organizations will be subject to audits by the Office of Civil Rights (OCR), evaluating their compliance with the HIPAA privacy and security rules and breach notification standards.
As part of the pilot audit program, under the HITECH Act, OCR will conduct up to 150 audits from November 2011 to December 2012 to assess privacy and security compliance. Auditors will conduct a site visit, interview key personnel, and record results in reports that will be shared with the organization and the OCR.
Who will be targeted? "Every covered entity and business associate is eligible for an audit," states the Health & Human Services website. OCR plans to select healthcare entities that vary widely in organization type and size.
OCR hopes to identify best practices, as well as areas of risk for health information breaches.
"The audit program represents one more avenue by which OCR ensures compliance with HIPAA protections of health information to the benefit of consumers," states the website.
OCR will continue to accept complaints of possible HIPAA violations.
For more information:
- read the HHS website