Refraining from intimidating or retaliatory acts
, which describes its intent as:“The OCR HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate.
OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits.
These safeguards are covered in depth under the HIPAA Security Rule (SR), which is meant to complement the HIPAA Privacy Rule.
This reference to safeguards makes the relationship between the rules more explicit. A Covered Entity must provide a process for individuals to make complaints and complaints must be documented. A Covered Entity must apply appropriate sanctions against members of its workforce that do not comply with the rules and document such sanctions. A Covered Entity must mitigate, to the extent practicable, any harmful effects caused by the inappropriate disclosure of PHI.
Obtain and review policies and procedures in place and evaluate the content relative to the specified criteria to determine if anti-intimidation and anti-retaliatory standards exist.
Obtain and review evidence that the policies and procedures are updated appropriately and conveyed to the workforce.’s Safeguard Compliance Tool Package (Version 3.0) is designed for covered entities and business associates to document and successfully demonstrate safeguard compliance for either a potential selection for an OCR desk or onsite audit or for providing evidence to cyber insurance underwriters of a security management process and security measures in place.
reflects provisions of the HITECH Act Modifications of HIPAA Rules that required compliance by covered entities and business associates by September 23, 2013.
Each component of the package is linked via proprietary code and written in plain language.Obtain and review documentation that the policies and procedures are conveyed to the workforce..164.530(g) Standard: Refraining from intimidating or retaliatory acts.MCN Healthcare's HIPAA Guidelines Policy and Procedure Manual provides policies and procedures addressing the HIPAA Privacy Rule, the HIPAA Security Rule, Notification of Breach of Protected Health Information (HITECH), and Transactions and Code Sets as mandated by the federal government.Policies and procedures include the changes covered in the Omnibus Final Rule.