Protocols to be Published
OCR plans to publish the audit protocol on its website "in the near future," McAndrew says. "As part of this pilot program, OCR has developed a specific audit protocol manual to be used for conducting audits. The protocol is also designed so OCR can use it as the basis for our audit work in the future, regardless of the staffing approach we take long term."
McAndrew declines to discuss whether OCR is moving ahead with plans for continuing the audit program beyond this year. She points out that OCR will offer a report on the aggregate findings of its audits after all of this year's audits are complete.The Department of Health and Human Services' Office for Civil Rights has completed its initial 20 audits that tested the program mandated by the HITECH Act, says Susan McAndrew, deputy director at OCR. But those organizations have not yet received their final audit reports, she notes.
"Data collection on the next wave of 25 has begun," McAndrew tells HealthcareInfoSecurity. The other 70 will be notified in phases in the months ahead.
NOTE: Remember Risk Analysis is the foundation of the rule, documentation of all actions should be maintained. If it is not documented, you may not be able to prove you are following HIPAA and your policies and practices.
Old Chinese Proverb(Modified): The best time to document your HIPAA compliance was 8 years ago, the next best time to start is TODAY.