The OCR has not performed required audits of corporations that handle protected patient information, has not sufficiently documented decisions made regarding potential privacy violations and has failed to properly safeguard its own records, according to the report.
The report recommends the OCR conduct periodic audits as outlined in the HITECH Act to ensure compliance at all HIPAA-covered entities, as well as readjust the auditing program to comply with federal regulations.
More Articles on HIPAA:
The 10 Biggest Hospital Stories of 2013
7 Best Practices for HIPAA Mobile Device Security
GAO Calls for Updated Consumer Privacy Framework
