OCR-HHS HIPAA/HITECH Audit Preparation
The HITECH Act authorizes HHS to conduct periodic audits to ensure that covered entities and business associates are complying with the HIPAA Privacy and Security Rules. As a result, OCR, through the use of KPMG audit services, has begun to develop a pilot audit program.
Audits will give OCR an ability to assess privacy and security protections and compliance issues on a systemic level, and to identify potential vulnerabilities to help entities prevent problems before they occur. This will complement the incident-based work that HHS currently conducts with respect to investigations.
Site visits, conducted as part of every audit, include interviews with leadership (e.g., CIO, Privacy Officer, legal counsel, health information management/medical records director); examination of physical features and operations; checks that actual practice is consistent with written policy; and observation of compliance with regulatory requirements.
After each site visit KPMG will submit an audit report. Audit reports consist of the following information:
• Best practices noted
• Raw data collection materials, such as completed checklists and interview notes
• Future oversight recommendations
• Findings, including for each one:
  o The defect or noncompliant status observed, and the evidence for it
  o A clear demonstration that each negative finding is a potential violation of the Privacy or Security Rules, with citation
  o The reason the condition exists, along with identification of the supporting documentation used
  o Recommendations for addressing the finding
• Acknowledgement of any best practice(s) or success(es)
In addition, OCR will decide on the resolution approach for each finding based on the severity of the finding.
EHR 2.0 OCR HIPAA audit advisory services help healthcare organizations prepare for the audit by:
1) Assessing current policies and procedures
2) Identifying key gaps and risk areas based on the ePHI created, transmitted, received and stored
3) Performing a risk analysis
4) Developing plans to mitigate the risks identified
Visit our OCR audit resource section to learn more: http://ehr20.com/ocr-hhs-hitech-hipaa-audit-resources/