The HHS Office for Civil Rights is doing an inadequate job of enforcing the HIPAA security rule by conducting audits, and has not properly secured its own related information systems, a report from the HHS Office of Inspector General contends.

HHS/OCR has conducted pilot audits and was expected in 2013 to significantly expand the program. The agency, however, told OIG that no funds have been appropriated to maintain a permanent audit program. “We remain concerned about OCR’s ability to comply with the HITECH audit requirement and the resulting limited assurance that ePHI is secure at covered entities because of OCR’s comment regarding limited funding for its audit mandates,” OIG replied in the report.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access