As required by the HITECH Act, the U.S. Department of Health and Human Services (“HHS”) has announced the rollout of a new audit initiative to assess compliance across the nation with the privacy and security standards for protected health information under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the breach notification rules in the HITECH Act. All “covered entities” under HIPAA—including healthcare providers and group health plans of all sizes—must take notice of this development in HIPAA enforcement and take immediate steps in preparation for the possibility of an audit as well as the possibility of penalties for serious failures to implement the required compliance protocols.
Ever since implementation of the HIPAA privacy and security standards first began in 2003, covered entities have been required to establish and maintain a variety of compliance mechanisms, including written policies and procedures, training of responsible workforce members, business associate agreements, relevant notices to patients or plan participants, and health plan document amendments. More recently, covered entities have had to implement procedures to comply with the notification requirements under the HITECH Act relating to certain breaches of the privacy or security of individuals’ protected health information.