Sep

17

HHS enforcement? Who knows?

By Dom Nicastro

HHS audits coming to you? Who knows?

The HITECH Act calls for “periodic audits” to ensure HIPAA privacy and security compliance.

But what does that mean? Even the government itself doesn’t know – yet.

We are e-attending (did I just make that up?) the 17th annual national HIPAA Summit at the Wardman Park Hotel in Washington, DC.

Through its live online chat yesterday, we asked two government speakers what they knew about enforcement and audits. Each said the process has yet to be determined.

David Blumenthal, MD, MPH, national coordinator for HHS’ Health Information Technology, deferred the question to his Office for Civil Rights (OCR) colleagues. OCR, of course, oversees HIPAA privacy and security.

When HIPAA Update asked Sue McAndrew, the OCR deputy director for Health Information Privacy, she said she did not yet know the process by which HHS will conduct audits.

OCR may build on existing types of audits or perhaps partner with the Inspector General, McAndrew speculated.

“We are basically in the process of doing some scanning and weighing our options of what kinds of audit programs are out there and what turns out to be the most effective,” McAndrew said.