The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act, requires the U.S. Department of Health and Human Services (HHS) to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. To implement this mandate, the HHS Office for Civil Rights (OCR) is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance. Audits conducted during the pilot phase will begin in November 2011 and conclude by December 2012.
More information regarding OCR’s Pilot Audit Program is available on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html
Source: OCR News Release