Auditing Covered Entities Ender HIPAA | Alice G. Gosfield & Associates, PC

Phone (215) 735-2384

On June 26, 2012, the Department of Health and Human Services' Office of Civil Rights ("OCR") released the audit protocols it is using in auditing covered entities under HIPAA, which is relevant to increased enforcement of the privacy rules. The information, located here, includes audit protocols for both the Security Rule and the Privacy Rule (including the Breach Notification provisions), broken down by Federal Regulation section. For example, when auditing covered entities with respect to their use of de-identified information, auditors are instructed to ask the covered entity’s management team whether a policy or procedure exists to de-identify protected health information, to review such policies and procedures in relation to regulatory criteria, and to verify that they are updated and presented to the covered entity’s workforce. This release provides insight into the OCR’s concerns regarding HIPAA and can assist covered entities in developing their own HIPAA compliance programs. Since even small physician practices have been subjects of enforcement, compliance with the privacy and security rules is yet a new imperative.

Latest Issues

Follow our opinions on the latest issues affecting health care regulation.

› Read Latest Issues

Speeches

› Teleconference Registration

Products

Expand your reference library and your expertise in health care regulation.

› Browse Products

Stay up to date on health care regulation issues by becoming a member.

› Subscribe

Alice G. Gosfield and Associates, P.C. (“AGGA”) reserves the right to change the information on this website without notice. We make no representations about the accuracy or completeness of the information on this website or that material available from this site is free of viruses. Links on this website to other websites are for informational purposes only. They are not intended to constitute endorsements of or referrals to the entities or the products of the entities to which the links connect. AGGA is not responsible for the privacy practices of other web sites.

Access to this website shall not create nor be construed to create any attorney-client or business associate relationship between persons accessing the site and AGGA or any of its attorneys. The materials published and made available on this website are for information purposes only and should not be construed as legal advice or legal opinion on any specific facts or circumstances. Users of and visitors to the website should not act upon information on the website without first seeking legal counsel.

If you have any questions about this Disclaimer or the Website Privacy Policy, please contact us at info@gosfield.com.