Legal Nurse Consultants in the HITECH World of Risk Management
The Health Insurance Portability and Accountability Act ofl996 (HIPAA) instituted central national guidelines for security of protected health information (PHI). The Health Information Technology for Economic and Clinical Health Act (HITECH) instituted breach notification guidelines to provide transparency for those whose data may be at risk.
HITECH requires the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to audit covered entities and business associates for compliance with HIPAA Privacy, Security, and Breach Notification Rules. In 2011 and 2012, OCR did pilot programs assessing processes of 115 covered entities to comply with HIPAA. OCR then assessed effectiveness of the programs.
Using evaluation results, in continued effort to assess compliance, OCR announced phase 2 has started, which will audit covered entities and business associates. OCR is creating improved sets of instructions to be used in audits and engaging a new approach to examine the efficacy of evaluating compliance efforts of the HIPAA regulated industry
The OCR states, “Audits are an important compliance tool for OCR that supplements OCR’s other enforcement tools, such as complaint investigations and compliance reviews.” Auditing covered entities allows OCR to “proactively uncover and address risks and vulnerabilities to protected health information.
If you find this newsletter helpful, please share it with colleagues, or direct them to our website.