Health & Human Services Launches HIPAA Audit Program

The Department of Health and Human Services (HHS) announced the launch of the second phase of its Health Insurance Portability and Accountability Act (HIPAA) audit program, which focuses on compliance with HIPAA’s Privacy, Security and Breach Notification Rules.

Download the full Bulletin on the HIPAA Audit Program >

Impact on Employers

• The Privacy and Security Rules do not directly apply to employers.
• As health plan sponsors, employers are indirectly subject to the Privacy and Security Rules.
• The extent of the Rules’ impact on employers generally depends on whether they have access to protected health information (PHI) for plan administration purposes.

Download the full Compliance Overview on HIPAA’s Privacy, Security and Breach Notification Rules >

Links and Resources

HHS’ website includes a brief summary of the HIPAA Security Rule and links to the official regulation text.

HHS has provided the following resources:

• Risk Analysis Guidance
• Security Risk Assessment Tool

This regulatory update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice.
Readers should contact legal counsel for legal advice.