With the
Department of Health and Human Services Office for Civil Rights or OCR starting
its pilot phase of the HIPAA Privacy and Security Audit Program, an audit will
begin for 150 covered entities. There is a speculation as to whether the
business associates of the covered entities will be audited as well. The OCR
will audit the applied protocols and evaluate any weaknesses in the program
besides promoting the best practices. This progression will help the OCR as a
guide to collect information on how to conduct and direct HIPAA compliance
audits for business associates and covered entities for the future.
Whether
there are egregious or unintentional deficiencies, enforcement laws will be
applied according to the various levels of non-compliance to the HIPAA Privacy
and Security Audit Program. The overview displays that the American Recovery
and Reinvestment Act of 2009, in Section 13411 of the HITECH Act has
directed the HHS to conduct periodic audits to guarantee that business
associates and covered entities to comply with the HIPAA Privacy and Security
Rules and Breach Notification standards. With the specified mandate in the
progression and implementation stage, the OCR will begin in November 2011 and
would be completed by December 2012.
The program
objectives will be one of the facets of the OCR’s security, privacy and health
information program. The OCR will utilize the audit program to determine the
efforts made to comply with the protocols required by HIPAA. The final audit
process will exhibit the best practices which will be shared the OCR and serve
as a guide to identify challenges of the compliance rules faced by the covered
entities and their business associates. The security and privacy audit process
will comply with the known audit rules and the OCR will inform the chosen
entities for the auditing process to submit audit reports as well as being
available for on-site visits. Interviews will take place during site visits with
the main personnel concerned with observation and examination of the processes
for compliance. The audit reports will display the process of conducting the
audit, the findings and the response of the covered entity to any actions on
the findings. The final report will hold solutions of revised actions to the
rules of compliance and the covered entity will be given opportunities to
discuss concerns and identification of any deficits so that they can implement
the best practices.
For more information, visit http://www.usmedicaltranscriptionservice.com/ or call 1-800-723-4308
No comments:
Post a Comment