Invite a Friend

Sitemap

Home

Technology
e-Newsletter

Intelligence Unit

Special Reports

Special Events

Subscribe

Sponsored

Departments

Follow Us

Home > Technology > Tech News & Analysis

OCR Building HIPAA Audit Plan With Outside Help

Comment

RSS

News Widget

Dom Nicastro, for HealthLeaders Media, May 24, 2010

HIPAA's privacy and security enforcer has hired an outside firm to help build its HITECH-required HIPAA auditing plan, the government agency tells HealthLeaders Media.

The Office for Civil Rights (OCR), which carries out for the Department of Health & Human Services (HHS) enforcement of the HIPAA privacy and security rules, says it does not have a timetable for when the audit plan begins.

However, in an e-mail to HealthLeaders Media Thursday, May 20, OCR says it is "presently engaged in a contract to survey and recommend strategies for implementing the HITECH audit requirement."

The firm is Booz Allen Hamilton.

HITECH, signed into law by Congress February 17, 2009, requires OCR to conduct "periodic audits" of covered entities regarding HIPAA privacy and security compliance.

The contractor will help OCR with the "how" and "when" of the audit program.

Sue McAndrew, the deputy director for Health Information Privacy for OCR, told HealthLeaders Media at the 18th Annual National HIPAA Summit in February that "there are 1,000 ways to do this."

Talk of enforcement heated up this month at a national security conference, according to Mac McMillan, CEO of CynergisTek™ and one of the speakers at the Washington, DC, conference–"Safeguarding Health Information: Building Assurance through HIPAA Security."

The conference was hosted by HHS, OCR and National Institute of Standards and Technology (NIST).

MacMillan praised OCR for what he called a "proactive" approach to carrying out the provisions in the HITECH and maintaining transparency in the process. He said the longtime privacy enforcer, which this year took over enforcement of the security rule from CMS, is "doing a much better job than its predecessor."

"OCR is much more organized and is quietly getting its stuff together," says MacMillan, who has had conversations with top OCR officials. "With CMS, enforcement just didn't really fit. OCR on the other hand has been in the business of investigating privacy issues since Day 1."

1 | 2

Email to a colleague

RSS

News Widget

Archive

Printer Friendly

Be the first to make a comment

Comments are moderated. Please be patient.

Health data losses: Don’t blame hackers

While patients and doctors often worry about medical records being hacked by cybercriminals and Internet snoops, the most common cause of health data breaches is physical theft of computing gear, according...

Software Freedom’s latest target is medical devices

Heart disease patients like Dick Cheney are vulnerable to buggy software and hack-attacks aimed straight at the devices implanted near their hearts. Worse, they have no legal recourse. But open source could...

HITECH Panic? Not Now, At Least

Now that Congress (finally) strengthened HIPAA enforcement and toughened compliance requirements through breach notification processes and accounting of disclosures on EHRs, what's the reaction in the industry?

Book: Facility Safety and Emergency Management

Promote facility safety and emergency management throughout your facility all year long with the HCPro Facility Safety and Emergency Management Collection.

go to complete list