HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

OCR Releases HIPAA Privacy and Security Audit Protocol

June 27, 2012

Having completed an initial 20 HIPAA privacy and security compliance audits since last fall, and with 95 additional audits in the pipeline, OCR has just released its HIPAA privacy and security audit protocol, together with information about the audit pilot program.  As always, information like this is extremely valuable to the regulated community.  Covered entities and business associates should avail themselves of the information contained in the audit protocol and related materials so that they may prepare themselves for the eventuality of an audit or investigation — whether as part of the current audit plan or otherwise — and focus their compliance efforts.

(Links updated 06/01/2013)

From the OCR website: 

The OCR HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification. The combination of these multiple requirements may vary based on the type of covered entity selected for review.

  • The audit protocol covers Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures.
  • The protocol covers Security Rule requirements for administrative, physical, and technical safeguards.
  • The protocol covers requirements for the Breach Notification Rule.

OCR reported on the first 20 audits it conducted as well:

OCR Audit Presentation – First 20 Audits

David Harlow
The Harlow Group LLC
Health Care Law and Consulting 

 

Filed Under: Health care policy, Health Law, HIPAA, Privacy, Security

you might also like:

  1. HIPAA Phase 2 Audit Protocol Released; More Details Emerge

  2. HIPAA Audits: OCR Finally Announces Phase 2

  3. News of first HIPAA security audit trickles out

« The Supreme Court decision on the health reform law (has not yet been issued)
SCOTUS on the ACA – The Supreme Court Rules on the Health Reform Law »

Follow me on Twitter

David Harlow πŸ’‰πŸ˜· Follow 43,482 17,473

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
11h 1662576979248402432

ICYMI> QHINs, SDOH, PGHD and more with Steven Lane, CMO at Health Gorilla β€” Harlow on Healthcare https://healthblawg.com/2023/03/steven-lane-health-gorilla.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #HITsm

Image for the Tweet beginning: ICYMI>  QHINs, SDOH, PGHD Twitter feed image.
Reply on Twitter 1662576979248402432 Retweet on Twitter 1662576979248402432 0 Like on Twitter 1662576979248402432 1 Twitter 1662576979248402432
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
18h 1662471271165181955

ICYMI> David Sand, CMO of ZeOmega, an #AI-infused engine for β€œpayviders” β€” Harlow on Healthcare https://healthblawg.com/2022/10/david-sand-zeomega.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #HITsm

Image for the Tweet beginning: ICYMI>  David Sand, CMO Twitter feed image.
Reply on Twitter 1662471271165181955 Retweet on Twitter 1662471271165181955 0 Like on Twitter 1662471271165181955 1 Twitter 1662471271165181955
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
27 May 1662365845291429890

ICYMI> David Lareau, CEO of Medicomp Systems on TEFCA and More β€” Harlow on Healthcare https://healthblawg.com/2022/02/david-lareau-medicomp-systems.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #HITsm

Image for the Tweet beginning: ICYMI>  David Lareau, CEO Twitter feed image.
Reply on Twitter 1662365845291429890 Retweet on Twitter 1662365845291429890 0 Like on Twitter 1662365845291429890 0 Twitter 1662365845291429890
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]