Pilot Program Started to Audit HIPAA Privacy Rule Compliance
Audits conducted during the pilot phase began November 2011 and will conclude by December 2012, according to OCR.
OCR says selections in the initial round of audits will be designed to provide “a broad assessment of a complex and diverse health care industry,” including covered individual and organizational providers of health services, health plans of all sizes and functions, and health care clearinghouses. “We expect covered entities to provide the auditors their full cooperation and support and remind them of their cooperation obligations under the HIPAA Enforcement Rule,” OCR says.
The audit program will examine mechanisms for compliance, identify best practices and discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews, the agency says.