Regarding compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules:
The HIPAA Audits Industry Report reviewed 166 covered entities, and 41 business associates, as it is a requirement of the Health Information Technology and Clinical Health (HITECH) Act for HHS to periodically audit covered entities and business associates for their compliance with the HIPAA rules.
The audit findings are summarized as follow:
Most covered entities provided timely notifications to individuals regarding breaches, as required.
Most covered entities prominently post their Notice of Privacy Practices on their websites where they maintain their customer services and benefits, as required.
Most covered entities’ Notice of Privacy Practices did not include all the required content.
Most covered entities did not provide all of the content for breach notification to individuals, as required.
Most covered entities did not properly implement the individual right of access, as required: such as timely action within 30 days and charging of a reasonable cost-based fee.
Most covered entities and business associates did not meet the HIPAA Security Rule Requirements for risk analysis and risk management.
Check out the report here:
Comments