The U.S. Department of Health and Human Services Office of Civil Rights (OCR) has recently published its protocol to use when auditing covered entities for compliance with HIPAA. The protocol includes procedures to assess compliance with various HIPAA Privacy Rule requirements, Security Rule Requirements, and Breach Notification Rule Requirements. For example, one of the procedures for assessing compliance with the notice of privacy practices requirements is to inquire of management as to whether the covered entity provides individuals with notice of the potential uses and disclosures of protected health information. The OCR would also obtain and review the notice of privacy practices and evaluate its content.
OCR Publishes HIPAA Audit Protocols
OCR Publishes HIPAA Audit Protocols
Tuesday, July 3, 2012