Technical Bulletin – 2016 Issue 6 – HHS Issues New HIPAA Privacy, Security, and Breach Notification Audit Protocol
In April 2016, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) released a new HIPAA Privacy, Security, and Breach Notification Audit Protocol. In July 2016, OCR started a new round of audits of covered entities including employer-sponsored group health plans. Audits for business associates of covered entities are scheduled for later this year. Employers sponsoring health plans should take steps to familiarize themselves with the audit program and the audit protocol.