OCR Releases HIPAA Privacy, Security and Breach Notification Audit Program Protocol

The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) posted the protocol used to conduct the audits required by the HITECH Act. OCR is conducting a pilot program to perform 115 audits of covered entities from November 2011 until December 2012, as mandated by the HITECH Act, which requires HHS to provide for periodic audits to ensure covered entities and business associates are complying with HIPAA Privacy and Security Rules and Breach Notification standards. The audit protocol, which is organized around modules that cover aspects of privacy, security, and breach notifications, is now available online.