Clearwater Compliance, a leading HIPAA-HITECH consultancy, today announced the publication of a White Paper entitled “The 2012 HIPAA Audits:Will the Past Predict the Future?” The White Paper is based on the premise that understanding the possible impact of the upcoming privacy and security audits will lead organizations to better prepare for audits and, more importantly, assure their compliance with the regulations. Here’s today’s big tip — Benefit from our expertise; prepare for the audits! …
Clearwater Compliance, a leading HIPAA-HITECH consultancy, today announced the publication of a White Paper entitled “The 2012 HIPAA Audits:Will the Past Predict the Future?” The White Paper is based on the premise that understanding the possible impact of the upcoming privacy and security audits will lead organizations to better prepare for audits and, more importantly, assure their compliance with the regulations.
Section 13411 of the HITECH Act requires the Secretary of Health and Human Services (HHS) to “provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this Act, comply with such requirements.” That means compliance with the HIPAA Privacy and Security Final Rules.
On June 10, 2011, the Office for Civil Rights (OCR) awarded Virginia-based audit firm KPMG a $9.2 million contract related to the development of an audit program to be undertaken on 150 covered entities (CEs) in 2012. This White Paper from Clearwater Compliance reviews agency audit and other enforcement activities from 2003 to 2011, identifies what is known about the 2012 audits, extracts some insights from the historic agency audit and enforcement activities, and draws some conclusions and possible ramifications resulting from the upcoming KPMG audits. This White Paper also offers commentary on best practices for covered entities heading into the 2012 audits and recommends several practical, actionable initiatives that organizations should consider to prepare for the audits in order to become and/or remain compliant with HIPAA and HITECH.
Among the principal findings of the report, based on prior agency audits, that should be considered when preparing for the 2012 audits is that both CMS and HHS-OIG presented their audit reports with analysis that went far beyond the black letter of the Privacy Rule and the Security Rule. Previous agency audits included reference to and reliance upon documents outside the black letter of the Rules, treating those documents with as much weight and authority as if the documents were akin to regulations.
This White Paper is the first in a series addressing the increasingly complex business risk management issue of HIPAA-HITECH compliance. Enjoy the White Paper which can be found at http://abouthipaa.com/about-hipaa/hipaa-audit-help/
Wanna be even more hip on HIPAA? Learn more…
The complete HIPAA Privacy, Security and Breach regulations are here.
If you’d like keep up to date on Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):
- Joining our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
- Following me: http://www.twitter.com/ClearwaterHIPAA
- Subscribing to our eNewsletter: https://clearwatercompliance.com/resources/newsletters/
- Subscribing to our RSS feed: Clearwater HIPAA Compliance Blog
- Checking our company web site: http://clearwatercompliance.com/
- Attending a HIPAA HITECH live webinar: http://abouthipaa.com/webinars/upcoming-live-webinars/
- Attending a HIPAA HITECH Blue Ribbon Panel Live Web Event: http://abouthipaa.com/webinars/blue-ribbon-panel-live-events/
- Viewing a pre-recorded webinar: http://abouthipaa.com/webinars/on-demand-webinars/
Latest posts by Bob Chaput (see all)
- Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action - August 8, 2016
- Building Capability and Capacity to Take on Healthcare’s Evolving Security Threats - August 5, 2016
- HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol - April 11, 2016