• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

HHS/OCR Posts HIPAA Privacy, Security and Breach Notification Audit Protocol

June 26, 2012 By Privacy & Data Security Team

In our November 30, 2011 and March 7, 2012 posts, we discussed the HHS Office for Civil Rights (OCR) audit pilot program, which began in November 2011 and is expected to conclude in December 2012. The audit program has been developed pursuant to the requirements of the HITECH Act. Under the audit pilot program, OCR conducted an initial 20 audits, with on-site field work completed in March 2012. It will conduct an additional 95 audits as part of the pilot program, for a total of 115 audits through December 2012.

Today, OCR released on its website the comprehensive audit protocol that it developed for the audit program. According to OCR, the audit program is designed to analyze key processes, controls and policies of the audited covered entities. OCR’s audit protocol contains the requirements to be assessed in the audits, and is organized around modules that represent separate elements of the Privacy, Security and Breach Notification Rules. It covers the requirements of the Breach Notification Rule; the Security Rule requirements for administrative, physical and technical safeguards; and the Privacy Rule requirements for (1) a notice of privacy practices, (2) right of an individual to request privacy protection for protected health information (PHI), (3) right of an individual to access his/her PHI, (4) administrative requirements, (5) uses and disclosures of PHI; (6) amendment of PHI and an individual’s right to request amendment of PHI; and (7) accounting of disclosures.

Filed Under: Health Privacy, Privacy, Workplace Privacy Tagged With: HIPAA, HITECH

Reader Interactions

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Countdown to CCPA Effective Date


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


PRIVACY MAILINGS
Click Here to Sign Up

FOLLOW US
on Twitter Click Here


Secondary Sidebar

Categories

Recent Posts

  • Critical Audit Matters Disclosure Implicates Information Technology and Security
  • SHIELD Act Overhauls New York’s Data Breach Notification Framework
  • Alston & Bird Details 21 Potentially Significant Impacts from Draft CCPA Regulations
  • California Releases Proposed CCPA Regulations
  • Senior Privacy, Cybersecurity Partner Wim Nauwelaerts Joins Alston & Bird
Copyright © 2019 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy