You may have been doing a lot to ensure information security and compliance in your organization. But that's really not enough, because it's now time to prove your compliance with security and breach notification rules to the OCR audit team. The audit protocols were developed by KPMG under the $9 million contract which was announced in July, and up to 150 audits are scheduled to be conducted by the end of 2012.
The new protocols are to be tested in 20 “initial” audits, and the results of these initial audits will determine how and when the remaining audits will be conducted. The new OCR webpage, which carries information on the audit program, states that in the initial round, covered entities of various sizes and functions will be audited, and that business associates will be included in the later audits. The website states that covered entities are expected to extend complete support and cooperation, and also reminds them that the HIPAA Enforcement Rule makes cooperation mandatory.
The initial audit reports from KPMG will be used by OCR to determine what types of technical assistance need to be developed and which corrective actions will prove most effective.
While OCR does not explain how entities will be selected for the audit, you can expect a written notification when your organization has been selected. This notification will also explain details of the program and include initial requests for documentation and information, which have to be provided within 10 business days. Following this, you can also expect a site visit between 30 and 90 days after the notification has been sent.
So are you prepared to face the acid test? How compliant is your entity? How effective are your security policies and protocols? Have you been adequately documenting proof of compliance? It's time to do a reality check. Our security and compliance solutions have been specifically designed to meet this purpose. While SecureGRC is a completely automated solution which allows you to seamlessly manage compliance and security requirements, the automated HIPAA compliance management toolkit helps you effortlessly meet audit requirements by dramatically simplifying the process.