HHS/OCR Unveils the Protocol for HIPAA Privacy & Security Audits
The HHS Office for Civil Rights on June 26 issued the following notice on the protocol being used to conduct HIPAA Privacy and Security Rule audits:
The HHS Office for Civil Rights on June 26 issued the following notice on the protocol being used to conduct HIPAA Privacy and Security Rule audits:
Today, OCR posted on its website the protocol used to conduct the audits required by the HITECH Act. The OCR HIPAA Audit program analyzes key processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit requirement. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification. The combination of these multiple requirements may vary based on the type of covered entity selected for review.
* The audit protocol covers Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures.
* The protocol covers Security Rule requirements for administrative, physical, and technical safeguards.
* The protocol covers requirements for the Breach Notification Rule.
Please visit the website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html to learn more about the OCR HIPAA Audit Program and to access the audit protocol.
Today, OCR posted on its website the protocol used to conduct the audits required by the HITECH Act. The OCR HIPAA Audit program analyzes key processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit requirement. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification. The combination of these multiple requirements may vary based on the type of covered entity selected for review.
* The audit protocol covers Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures.
* The protocol covers Security Rule requirements for administrative, physical, and technical safeguards.
* The protocol covers requirements for the Breach Notification Rule.
Please visit the website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html to learn more about the OCR HIPAA Audit Program and to access the audit protocol.
More for you
Loading data for hdm_tax_topic #better-outcomes...