Tuesday, November 8, 2011

OCR Launches Privacy and Security Audits

This just crossed my desk:

From: OCR HIPAA Privacy Rule information distribution [mailto:OCR-PRIVACY-LIST@LIST.NIH.GOV] On Behalf Of OS OCR PrivacyList, OCR (HHS/OS)
Sent: Tuesday, November 08, 2011 8:39 AM
To: OCR-PRIVACY-LIST@LIST.NIH.GOV
Subject: OCR Launches Privacy and Security Audits

November 8, 2011

The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To implement this mandate, OCR is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance. Audits conducted during the pilot phase will begin in November 2011 and conclude by December 2012.

More information regarding OCR’s Pilot Audit Program is available on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html