FacebookTwitterLinkedInEmailPrint
This entry is part 2 of 27 in the series HIPAA Audit Tips

Clearwater Compliance, a leading HIPAA-HITECH consultancy, today announced the publication of a White Paper entitled “The 2012 HIPAA Audits:Will the Past Predict the Future?”  The White Paper is based on the premise that understanding the possible impact of the upcoming privacy and security audits will lead organizations to better prepare for audits and, more importantly, assure their compliance with the regulations. Here’s today’s big tip — Benefit from our expertise; prepare for the audits! 

“The 2012 HIPAA Audits:Will the Past Predict the Future?” | HIPAA Audit TipsClearwater Compliance, a leading HIPAA-HITECH consultancy, today announced the publication of a White Paper entitled “The 2012 HIPAA Audits:Will the Past Predict the Future?”  The White Paper is based on the premise that understanding the possible impact of the upcoming privacy and security audits will lead organizations to better prepare for audits and, more importantly, assure their compliance with the regulations.

Section 13411 of the HITECH Act requires the Secretary of Health and Human Services (HHS) to “provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this Act, comply with such requirements.”  That means compliance with the HIPAA Privacy and Security Final Rules.

On June 10, 2011, the Office for Civil Rights (OCR) awarded Virginia-based audit firm KPMG a $9.2 million contract related to the development of an audit program to be undertaken on 150 covered entities (CEs) in 2012.  This White Paper from Clearwater Compliance reviews agency audit and other enforcement activities from 2003 to 2011, identifies what is known about the 2012 audits, extracts some insights from the historic agency audit and enforcement activities, and draws some conclusions and possible ramifications resulting from the upcoming KPMG audits.  This White Paper also offers commentary on best practices for covered entities heading into the 2012 audits and recommends several practical, actionable initiatives that organizations should consider to prepare for the audits in order to become and/or remain compliant with HIPAA and HITECH.

Among the principal findings of the report, based on prior agency audits, that should be considered when preparing for the 2012 audits is that both CMS and HHS-OIG presented their audit reports with analysis that went far beyond the black letter of the Privacy Rule and the Security Rule.  Previous agency audits included reference to and reliance upon documents outside the black letter of the Rules, treating those documents with as much weight and authority as if the documents were akin to regulations.

This White Paper is the first in a series addressing the increasingly complex business risk management issue of HIPAA-HITECH compliance.  Enjoy the White Paper which can be found at http://abouthipaa.com/about-hipaa/hipaa-audit-help/

 

Wanna be even more hip on HIPAA? Learn more…

The complete HIPAA Privacy, Security and Breach regulations are here.

If you’d like keep up to date on Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):

Series Navigation<< HIPAA Audit Tips – Getting StartedHIPAA Audit Help– We Agree with Mr. Rodriguez – How to Prepare for HIPAA Audits >>

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.
 
FacebookTwitterLinkedInEmailPrint