Magazine article Medical Economics

Office of Civil Rights Hipaa Audits

Magazine article Medical Economics

Office of Civil Rights Hipaa Audits

Article excerpt


PHASE II U.S. Health Information Portability and Accountability Act (HIPAA) Audits by the Office for Civil Rights (OCR) -which were supposed to begin in the summer of 2014-appear finally to have begun. HIPAA and the Health Information Technology for Economic and Clinical Health Act (HITECH) are very nuanced laws and the fines for not complying can be significant.Take the Phase II Audits as a signal that OCR is becoming more serious about enforcement of HIPAA rules and policies.

According to OCR's website, the "HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate.

The audit protocol covers Privacy Rule requirements for (1 ) notice of privacy practices for [protected health information] (PHI), (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures.

The protocol covers Security Rule requirements for administrative, physical, and technical safeguards.

The protocol covers requirements for the Breach Notification Rule."

There are several notable differences between the Phase I and Phase II Audits. Phase I reviewed all of the HIPAA standards, while Phase II will focus on the key noncompliance areas identified in Phase I, as well as those areas associated with the security of PHI.

Another purpose is to discern best practices. On the flip side, an entity, whether a covered entity or business associate, may be subject to civil monetary penalties in the event that a significant compliance concern is revealed. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.