Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

HHS Publishes HIPAA Audit Protocol

Posted in Health Privacy

By Anna Kraus and Rachel Grunberger

The Department of Health and Human Services (HHS) has posted on its website the protocol for the HIPAA audits required under the HITECH Act.  Section 13411 of the HITECH Act requires HHS to provide for periodic audits to ensure that covered entities and business associates are in compliance with the HIPAA standards for privacy, security, and breach notification.  The protocol sets out the specific requirements that HHS will assess through performance audits, and may serve as a helpful resource for determining whether your organization is in compliance with those standards.