Skip to main content

Planning for the Release of Final HIPAA Rules and HIPAA Auditing

Written by Dianne Bourque

On December 14, the Office of Civil Rights (“OCR”) indicated at a public meeting that it is considering the simultaneous publication in 2011 of four final HIPAA rules:

  • The breach notification rule
  • The HIPAA Enforcement Rule
  • The HITECH implementation rules
  • The HIPAA changes mandated by GINA

These rules are all scheduled for release at some point in 2011.

Additionally, OCR stated that it is evaluating various options for conducting the HIPAA audits that are mandated under the HITECH Act.  OCR is considering the conventional approach of auditing samples of covered entities and business associates, and is also considering the use of a third party to certify covered entities and business associates demonstrating compliance with federal privacy and security standards.

At this time there have been no formal announcements from OCR regarding these issues.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.