FROM THE FOUNDATION

Big Business, Little Data

A growing number of Californians are being sent to ambulatory surgery centers for a wide variety of procedures, yet little is known about the care they deliver because reporting is not required.

Keeping Track of Asthma

CHCF has made a second investment in Asthmapolis, a device that tracks asthma inhaler use and reports data through mobile phones to patients and doctors to better manage the disease.

Privacy and Security

Wednesday, June 27, 2012

OCR Releases Protocol for HIPAA Privacy and Security Rule Audits

On Tuesday, HHS' Office for Civil Rights published the protocol that it uses to conduct audits of the HIPAA Privacy and Security rules, Health Data Management reports.

The audits are required under the 2009 federal economic stimulus package's HITECH Act.

The audit protocol covers:

  • HIPAA Privacy Rule requirements regarding how health care entities use, share and provide access to protected health information;
  • HIPAA Security Rule requirements regarding how health care entities enact administrative, physical and technical safeguards for protected health information; and
  • Requirements for the Breach Notification Rule (Health Data Management, 6/26).

Reactions

Adam Greene -- a partner at the law firm Davis Wright Tremaine who formerly worked at OCR -- said the protocol will help health care entities better understand the auditing process.

However, a preliminary analysis consulting firm by CynergisTek stated that the audit protocol "may still leave the industry wanting for more explicit guidance" (Anderson, GovInfoSecurity, 6/26).



Readers are also invited to send feedback to: ihb@chcf.org
Click to register for iHealthBeat