By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    benefits of using protein powder to build muscles
    Protein Powder for Muscle Mass: Everything You Need to Know
    December 12, 2021
    changes brought on by blockchain in healthcare
    Technology In The Healthcare Industry
    March 28, 2022
    What Does Core Body Temperature Say About Health?
    August 17, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    FDA Approves Diabetes Pill
    May 2, 2011
    Patient Gets Drunk on Hand Sanitizer
    June 20, 2011
    Cultivating Health Improvement
    July 20, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: The HIPAA Police Are On Their Way!
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > The HIPAA Police Are On Their Way!
eHealth

The HIPAA Police Are On Their Way!

onlinetech
Last updated: November 17, 2012 7:35 am
onlinetech
Share
6 Min Read
OCR HIPAA Audit Protocol
SHARE

One of the lesser known requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S.

One of the lesser known requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S. Department of Health and Human Services (HHS) to conduct periodic audits to ensure that healthcare organizations and their business associates are complying with HIPAA laws.

Running from November 2011 to December 2012, the HHS Office for Civil Rights (OCR) launched a pilot program by selecting 115 organizations across the country to undergo the scrutiny of privacy, security and breach notification audits conducted by KPMG, one of the largest auditor organizations in the world.

The OCR does not plan to penalize targets for pilots unless they uncover “serious compliance issues.” The HITECH Act has civil penalties for HIPAA violations that can reach $50,000 per violation and up to $1.5 million for identical violations across multiple records in a single calendar year. As the OCR audit program moves from pilot to a fully enforced program in 2013, the number of surprise audits and fines are expected to skyrocket.

More Read

3 Pathology Synoptic Reporting Examples
Medical Mistakes: To Err Is Human – Yes and No?
New Study Contradicts ‘Conclusion’ about Lab Studies
ACO Is Not One Size Fits All
SAS and GSK Pull Big Pharma Into Big Data Collaboration

In June 2012, the OCR released a copy of the protocol it is using to audit organizations against HIPAA compliance in their pilot program. The protocol provides a breakdown of specific audit criteria they are currently using for the latest HIPAA audits. The protocol includes 169 specific performance criteria organized around compliance in three areas: the HIPAA Privacy Rule, Security Rule and Breach Notification Rule.

OCR HIPAA Audit Protocol

OCR HIPAA Audit Protocol (Source: HHS.gov)

The initial audit is targeted toward covered entities (such as healthcare providers, health plans, and healthcare clearinghouses) during the 2012 pilot program. Business associates such as data center operators and cloud computing providers were not included in the pilot program, but are expected to be included in audits starting next year.

Data center operators and cloud providers that host Electronic Protected Health Information (ePHI) in their data centers are considered business associates under HIPAA law. As such, any company hosting ePHI can be subject to future audits and potential seven-figure fines by the OCR.

Multi-tenant data center and cloud operators must protect themselves and their healthcare clients from violating HIPAA laws. Most healthcare providers and health IT companies require HIPAA compliance from their hosting provider.

HIPAA compliance is no small investment. Data center operators must not only deliver the technology to meet the administrative, physical and technical safeguards required by the HIPAA security rule, they must also invest in policies, training, breach notification processes, legal support for business associates agreements, and HIPAA breach insurance.  In addition, the organization must commit to consistently monitoring the safeguards and processes to ensure the security of ePHI.

One of the best assurances healthcare clients can get that the appropriate technology, processes and policies are in place is by reviewing the data center’s annual HIPAA audit report on compliance. The HIPAA audit should be conducted by a reputable third-party auditor and cover all 169 requirements of the HIPAA law.

Up through early 2012, there was no standard for third-party auditors to conduct a HIPAA audit. There have been a number of audit approaches used to help ensure compliance with the HIPAA laws. With the publication of the new OCR audit program protocol auditors are able to gain a more consistent direction on how the OCR will conduct HIPAA audits in the future. The new protocol should guide independent auditors to adjust their auditing standards against the federal governing body of HIPAA.

While no one enjoys the threat of a government-sponsored audit program, and even worse, the possibility of multi-million dollar fines, the U.S. government is demonstrating that they are taking HIPAA law enforcement seriously – and so should data center operators, as well as the healthcare organizations that use the services of data center operators.

Since healthcare clients are facing multi-million dollar fines for violations of HIPAA law by their business associates, these companies are requiring data centers and cloud providers to provide an annual third-party independent HIPAA report on compliance.

With audit guidance in place from the OCR, it won’t be long before the healthcare industry raises the bar on third-party audit requirements to include adherence to the new OCR HIPAA Audit Program Protocol.

View the complete OCR HIPAA Audit Protocol program, including all 169 criteria and respective audit procedures at HHS.gov.

This article was published in DataCenterKnowledge.com’s Industry Perspectives column on November 15, 2012.



 


 


TAGGED:HIPAA
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Do You Grind Your Teeth at Night? Here’s How Night Guards and TMJ Treatments Can Help
Do You Grind Your Teeth at Night? Here’s How Night Guards and TMJ Treatments Can Help
Dental health
May 21, 2025
The Secret To A Confident Smile: Top Tips For Better Teeth
The Secret To A Confident Smile: Top Tips For Better Teeth
Dental health
May 21, 2025
Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025

You Might also Like

eHealth

How Physicians Utilize Digital Media for Patient Interaction: Infographic

October 10, 2012
telemedicine telehealth
eHealth

Reimbursement and Convenience Fuel Virtual Healthcare Trend

October 17, 2016
Online hospital appointments
eHealth

The Online Hospital Appointment Process: Insights and Numbers

October 7, 2013
eHealthMedical InnovationsTechnology

The Advancements That Are Changing Medical Tech

October 19, 2018
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?