By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    headphones can create health problems
    The Harmful Health Effects of Using Headphones
    September 24, 2021
    Headache causes
    4 Causes Of Headache You Probably Didn’t Know About
    December 28, 2021
    follow these steps to recover from your injury
    What Steps Should You Take to Recover More Quickly from an Injury?
    April 12, 2022
    Latest News
    7 Most Common Healthcare Accreditation Programs: Which Should You Use?
    August 20, 2025
    Hospital Pest Control and the Fight Against Superbugs
    August 20, 2025
    Hygiene Beyond The Clinic: Attention To Overlooked Non-Clinical Spaces
    August 13, 2025
    5 Steps to a Promising Career as a Healthcare Administrator
    August 3, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    private
    Private Exchanges: Getting Ready for Individual Health Insurance to Be the Standard
    January 9, 2014
    valueable healthcare programs
    5 Most Valuable Healthcare Programs in 2023
    March 8, 2023
    Johnson & Johnson to Release Clinical Trial Data in Agreement with Yale Medical School
    February 4, 2014
    Latest News
    How Social Security Disability Shapes Access to Care and Everyday Health
    August 22, 2025
    How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
    August 22, 2025
    How One Fall Can Lead to a Long Road of Medical Complications
    August 22, 2025
    How IT and Marketing Teams Can Collaborate to Protect Patient Trust
    July 17, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: The HIPAA Police Are On Their Way!
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > The HIPAA Police Are On Their Way!
eHealth

The HIPAA Police Are On Their Way!

onlinetech
onlinetech
Share
6 Min Read
OCR HIPAA Audit Protocol
SHARE

One of the lesser known requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S.

One of the lesser known requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires the U.S. Department of Health and Human Services (HHS) to conduct periodic audits to ensure that healthcare organizations and their business associates are complying with HIPAA laws.

Running from November 2011 to December 2012, the HHS Office for Civil Rights (OCR) launched a pilot program by selecting 115 organizations across the country to undergo the scrutiny of privacy, security and breach notification audits conducted by KPMG, one of the largest auditor organizations in the world.

The OCR does not plan to penalize targets for pilots unless they uncover “serious compliance issues.” The HITECH Act has civil penalties for HIPAA violations that can reach $50,000 per violation and up to $1.5 million for identical violations across multiple records in a single calendar year. As the OCR audit program moves from pilot to a fully enforced program in 2013, the number of surprise audits and fines are expected to skyrocket.

More Read

HHS Reform Timelines…Wiggle Room In Sight?
Cybersecurity in Medical Devices: Paranoia, or a Tangible Threat?
Please Choose ’1′ for Dr. X or ’2′ for Dr. Y for Your Telemedicine Consult
Mobile Medical Device Connects OR to Content and Reps
How Soon Will Healthcare Connect Machine Learning with Consumers?

In June 2012, the OCR released a copy of the protocol it is using to audit organizations against HIPAA compliance in their pilot program. The protocol provides a breakdown of specific audit criteria they are currently using for the latest HIPAA audits. The protocol includes 169 specific performance criteria organized around compliance in three areas: the HIPAA Privacy Rule, Security Rule and Breach Notification Rule.

OCR HIPAA Audit Protocol

OCR HIPAA Audit Protocol (Source: HHS.gov)

The initial audit is targeted toward covered entities (such as healthcare providers, health plans, and healthcare clearinghouses) during the 2012 pilot program. Business associates such as data center operators and cloud computing providers were not included in the pilot program, but are expected to be included in audits starting next year.

Data center operators and cloud providers that host Electronic Protected Health Information (ePHI) in their data centers are considered business associates under HIPAA law. As such, any company hosting ePHI can be subject to future audits and potential seven-figure fines by the OCR.

Multi-tenant data center and cloud operators must protect themselves and their healthcare clients from violating HIPAA laws. Most healthcare providers and health IT companies require HIPAA compliance from their hosting provider.

HIPAA compliance is no small investment. Data center operators must not only deliver the technology to meet the administrative, physical and technical safeguards required by the HIPAA security rule, they must also invest in policies, training, breach notification processes, legal support for business associates agreements, and HIPAA breach insurance.  In addition, the organization must commit to consistently monitoring the safeguards and processes to ensure the security of ePHI.

One of the best assurances healthcare clients can get that the appropriate technology, processes and policies are in place is by reviewing the data center’s annual HIPAA audit report on compliance. The HIPAA audit should be conducted by a reputable third-party auditor and cover all 169 requirements of the HIPAA law.

Up through early 2012, there was no standard for third-party auditors to conduct a HIPAA audit. There have been a number of audit approaches used to help ensure compliance with the HIPAA laws. With the publication of the new OCR audit program protocol auditors are able to gain a more consistent direction on how the OCR will conduct HIPAA audits in the future. The new protocol should guide independent auditors to adjust their auditing standards against the federal governing body of HIPAA.

While no one enjoys the threat of a government-sponsored audit program, and even worse, the possibility of multi-million dollar fines, the U.S. government is demonstrating that they are taking HIPAA law enforcement seriously – and so should data center operators, as well as the healthcare organizations that use the services of data center operators.

Since healthcare clients are facing multi-million dollar fines for violations of HIPAA law by their business associates, these companies are requiring data centers and cloud providers to provide an annual third-party independent HIPAA report on compliance.

With audit guidance in place from the OCR, it won’t be long before the healthcare industry raises the bar on third-party audit requirements to include adherence to the new OCR HIPAA Audit Program Protocol.

View the complete OCR HIPAA Audit Protocol program, including all 169 criteria and respective audit procedures at HHS.gov.

This article was published in DataCenterKnowledge.com’s Industry Perspectives column on November 15, 2012.



 


 


TAGGED:HIPAA
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

engineer fitting prosthetic arm
How Social Security Disability Shapes Access to Care and Everyday Health
Health care
August 20, 2025
a woman explaining the document
How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
Public Health
August 20, 2025
physiotherapist at work
How One Fall Can Lead to a Long Road of Medical Complications
Health care
August 20, 2025
Common Healthcare Accreditation Programs
7 Most Common Healthcare Accreditation Programs: Which Should You Use?
Health News
August 20, 2025

You Might also Like

Getting Young Invincibles to Buy Health Insurance?

March 16, 2014

Massively Open Online Medicine: Bad Idea or Just Before Its Time?

May 7, 2013

Keep the Social Media Conversation Moving

October 21, 2014

What Every Doctor & Administrator Should Know About a Physician’s Reputation:

July 30, 2012
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?