The Office for Civil Rights, the agency responsible for ensuring HIPAA privacy standards are being met, has not been meeting all federal requirements in its oversight and enforcement of the law, according to a report from HHS' Office of the Inspector General.
The OCR has not performed required audits of corporations that handle protected patient information, has not sufficiently documented decisions made regarding potential privacy violations and has failed to properly safeguard its own records, according to the report.
The report recommends the OCR conduct periodic audits as outlined in the HITECH Act to ensure compliance at all HIPAA-covered entities, as well as readjust the auditing program to comply with federal regulations.
More Articles on HIPAA:
The 10 Biggest Hospital Stories of 2013
7 Best Practices for HIPAA Mobile Device Security
GAO Calls for Updated Consumer Privacy Framework