OCR Announces HIPAA Privacy and Security Audit Program

As part of the American Recovery and Reinvestment Act of 2009, the U.S. Department of Health and Human Services is required to periodically audit covered entities and business associates to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its privacy, security and breach notification standards. To implement this mandate, the Office for Civil Rights (OCR) announced that it is piloting a program to perform up to 150 audits of covered entities (such as health plans and healthcare service providers). Audits conducted during this pilot phase will begin in November of 2011 and conclude by December of 2012. Additional information about the HIPAA Privacy and Security Audit Program is available here.