By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    mosquito misting spray to fight malaria
    Avoid Malaria with Mosquito Misting Systems
    June 12, 2023
    Medical Surveys
    Beyond the Clinic: Medical Surveys Are a Roadmap to Passive Income for Doctors
    September 23, 2023
    Glutathione
    What Are The Benefits of Glutathione?
    January 22, 2024
    Latest News
    6 Easy Healthcare Ways to Sit Less and Move More Every Day
    September 10, 2025
    7 Most Common Healthcare Accreditation Programs: Which Should You Use?
    August 20, 2025
    Hospital Pest Control and the Fight Against Superbugs
    August 20, 2025
    Hygiene Beyond The Clinic: Attention To Overlooked Non-Clinical Spaces
    August 13, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Tips for Older Travelers
    April 14, 2012
    Anti-RUC Suit Challenges Process for Setting Doc Pay Scales
    October 25, 2011
    Math Matters: Dosing Errors Can Be Deadly
    May 1, 2012
    Latest News
    Healthcare at a Crossroads: Why Leadership Matters More Than Ever
    September 9, 2025
    How Social Security Disability Shapes Access to Care and Everyday Health
    August 22, 2025
    How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
    August 22, 2025
    How One Fall Can Lead to a Long Road of Medical Complications
    August 22, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: The HIPAA Police Are On Their Way!
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > The HIPAA Police Are On Their Way!
eHealth

The HIPAA Police Are On Their Way!

onlinetech
onlinetech
Share
6 Min Read
OCR HIPAA Audit Protocol
SHARE

One of the lesser known requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S.

One of the lesser known requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S. Department of Health and Human Services (HHS) to conduct periodic audits to ensure that healthcare organizations and their business associates are complying with HIPAA laws.

Running from November 2011 to December 2012, the HHS Office for Civil Rights (OCR) launched a pilot program by selecting 115 organizations across the country to undergo the scrutiny of privacy, security and breach notification audits conducted by KPMG, one of the largest auditor organizations in the world.

The OCR does not plan to penalize targets for pilots unless they uncover “serious compliance issues.” The HITECH Act has civil penalties for HIPAA violations that can reach $50,000 per violation and up to $1.5 million for identical violations across multiple records in a single calendar year. As the OCR audit program moves from pilot to a fully enforced program in 2013, the number of surprise audits and fines are expected to skyrocket.

More Read

Shorter Wait in the ER Just a Click Away with Startup’s Virtual Waiting Service
Liking, Following, Linking, Tagging, Stumbling: Social Media is Changing the Nature of Health-Related Interactions
SickKids & Social Media: Interview with Janice Nicholson
All The Ingredients You Need For A Successful Health Insurance App
Personal v Professional Physician Social Media

In June 2012, the OCR released a copy of the protocol it is using to audit organizations against HIPAA compliance in their pilot program. The protocol provides a breakdown of specific audit criteria they are currently using for the latest HIPAA audits. The protocol includes 169 specific performance criteria organized around compliance in three areas: the HIPAA Privacy Rule, Security Rule and Breach Notification Rule.

OCR HIPAA Audit Protocol

OCR HIPAA Audit Protocol (Source: HHS.gov)

The initial audit is targeted toward covered entities (such as healthcare providers, health plans, and healthcare clearinghouses) during the 2012 pilot program. Business associates such as data center operators and cloud computing providers were not included in the pilot program, but are expected to be included in audits starting next year.

Data center operators and cloud providers that host Electronic Protected Health Information (ePHI) in their data centers are considered business associates under HIPAA law. As such, any company hosting ePHI can be subject to future audits and potential seven-figure fines by the OCR.

Multi-tenant data center and cloud operators must protect themselves and their healthcare clients from violating HIPAA laws. Most healthcare providers and health IT companies require HIPAA compliance from their hosting provider.

HIPAA compliance is no small investment. Data center operators must not only deliver the technology to meet the administrative, physical and technical safeguards required by the HIPAA security rule, they must also invest in policies, training, breach notification processes, legal support for business associates agreements, and HIPAA breach insurance.  In addition, the organization must commit to consistently monitoring the safeguards and processes to ensure the security of ePHI.

One of the best assurances healthcare clients can get that the appropriate technology, processes and policies are in place is by reviewing the data center’s annual HIPAA audit report on compliance. The HIPAA audit should be conducted by a reputable third-party auditor and cover all 169 requirements of the HIPAA law.

Up through early 2012, there was no standard for third-party auditors to conduct a HIPAA audit. There have been a number of audit approaches used to help ensure compliance with the HIPAA laws. With the publication of the new OCR audit program protocol auditors are able to gain a more consistent direction on how the OCR will conduct HIPAA audits in the future. The new protocol should guide independent auditors to adjust their auditing standards against the federal governing body of HIPAA.

While no one enjoys the threat of a government-sponsored audit program, and even worse, the possibility of multi-million dollar fines, the U.S. government is demonstrating that they are taking HIPAA law enforcement seriously – and so should data center operators, as well as the healthcare organizations that use the services of data center operators.

Since healthcare clients are facing multi-million dollar fines for violations of HIPAA law by their business associates, these companies are requiring data centers and cloud providers to provide an annual third-party independent HIPAA report on compliance.

With audit guidance in place from the OCR, it won’t be long before the healthcare industry raises the bar on third-party audit requirements to include adherence to the new OCR HIPAA Audit Program Protocol.

View the complete OCR HIPAA Audit Protocol program, including all 169 criteria and respective audit procedures at HHS.gov.

This article was published in DataCenterKnowledge.com’s Industry Perspectives column on November 15, 2012.



 


 


TAGGED:HIPAA
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

a woman walking on the hallway
6 Easy Healthcare Ways to Sit Less and Move More Every Day
Health
September 9, 2025
Clinical Expertise
Healthcare at a Crossroads: Why Leadership Matters More Than Ever
Global Healthcare
September 9, 2025
travel nurse in north carolina
Balancing Speed and Scope: Choosing the Nursing Degree That Fits Your Goals
Nursing
September 1, 2025
intimacy
How to Keep Intimacy Comfortable as You Age
Relationship and Lifestyle Senior Care
September 1, 2025

You Might also Like

Interpreting Physician Rating Websites: Garbage IN Equals Garbage OUT

February 15, 2013

The Growing Impact of Social Media on Healthcare: What Are the Risks?

January 14, 2014

Healthcare Landing Pages That Actually Work: The What, Why and How

April 18, 2013

The Real Cost of Data Breaches

March 19, 2015
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?