HIPAA Audit Update: Susan McAndrew

New post from www.healthcareinfosecurity.com.

Federal HIPAA privacy and security rule compliance audits of healthcare organizations and their business associates likely will start later this year, says Susan McAndrew, deputy director for privacy in the HHS Office for Civil Rights.

In an exclusive interview, McAndrew says the timing of the start of the HITECH Act's mandated audit program "will really depend on the ultimate selection of what model we use" and how fast that model can be implemented.

McAndrew also said:

• The audits likely will be outsourced and not conducted by OCR staff.
• Security audits will check that organizations have completed a risk assessment and implemented appropriate administrative, technical and physical safeguards.
• Audits for compliance with the privacy rule will focus on organizations' efforts to uphold individuals' rights, such as their right to access their own medical records.

McAndrew made her comments in an interview at the conference: "Safeguarding Health Information: Building Assurance through HIPAA Security," sponsored by OCR and National Institute of Standards and Technology.