HHS Publishes HIPAA Audit Protocol
By Anna Kraus and Rachel Grunberger
The Department of Health and Human Services (HHS) has posted on its website the protocol for the HIPAA audits required under the HITECH Act. Section 13411 of the HITECH Act requires HHS to provide for periodic audits to ensure that covered entities and business associates are in compliance with the HIPAA standards for privacy, security, and breach notification. The protocol sets out the specific requirements that HHS will assess through performance audits, and may serve as a helpful resource for determining whether your organization is in compliance with those standards.