Publications
Privacy & Security

The 2021 DWT HIPAA Audit Toolkits – A Cost-Effective Answer to Meeting the Challenges of HIPAA

By  Adam H. Greene, Rebecca L. Williams, and Lyra Correa
01.13.21
Print this page

Maintaining the privacy and security of patient information is part of the foundation of providing good healthcare.

But complying with regulations under the Health Insurance Portability and Accountability Act (HIPAA) presents daunting challenges. The stakes for compliance are higher than ever, with random government audits, tougher investigations, breach notification obligations, and threat of hefty financial penalties.

Davis Wright Tremaine offers toolkits for Covered Entities, Business Associates, and Financial Institutions.

For Covered Entities

DWT 2021 HIPAA Audit Toolkit for Covered Entities

To help providers overcome the challenges of HIPAA compliance and stay on top of evolving rules and requirements, Davis Wright Tremaine developed the HIPAA Audit Toolkit for Covered Entities, which has been updated for 2021. Used by some of the country's most sophisticated and respected healthcare systems, the Toolkit offers a cost-effective means for HIPAA covered entities to assess vulnerabilities in their privacy, security, and breach notification programs, move toward solutions, and reduce the legal risks of a government HIPAA investigation or audit.

The 2021 edition has been updated with recent information about the Office for Civil Rights audit program, including the revised audit protocol and recent guidance on topics such as an individual's right of access and ransomware. The Toolkit includes the following, all of which have been updated to reflect the HIPAA Omnibus Rule:

  • A Privacy Compliance Assessment Tool, including relevant portions of the HHS Office for Civil Rights audit protocol;
  • A Breach Notification Compliance Assessment Tool, including relevant portions of the audit protocol;
  • A Security Compliance Assessment Tool, including relevant portions of the audit protocol, providing a legal review of security efforts;
  • Checklists for notices of privacy practices, business associate agreements, authorizations, data use agreements, group health plan documents, and breach notices;
  • Information about HHS HIPAA audits and enforcement, including sample data requests; and
  • A copy of the current HIPAA regulations.

For Business Associates

DWT 2021 HIPAA Audit Toolkit for Business Associates

If your organization handles health information on behalf a healthcare provider or health plan, either directly or indirectly, then it likely qualifies as a business associate under HIPAA. This means that you need to have a robust set of policies and procedures and supporting documentation, and be prepared for potential government audits or investigations. But where to begin?

Davis Wright Tremaine has created the HIPAA Audit Toolkit for Business Associates, a compliance tool designed to address the HIPAA privacy, security, and breach notification issues facing a variety of business associates. The Toolkit includes:

  • An overview of HIPAA, providing background on HIPAA and how it applies to business associates;
  • A Privacy and Breach Notification Compliance Assessment Tool, which identifies potential compliance gaps and recommends best practices in areas such as uses and disclosures of protected health information and incident reporting;
  • A Security Compliance Assessment Tool, providing a legal review of security efforts;
  • Checklists for business associate agreements with customers, business associate agreements with vendors, HIPAA-compliant authorization forms, group health plan documents, and breach notices;
  • A copy of the current HIPAA regulations; and
  • Information about HHS HIPAA audits and enforcement, including sample data requests.

For Financial Institutions

DWT 2021 HIPAA Audit Toolkit for Financial Institutions

Financial institutions are often subject to HIPAA's privacy, security, and breach notification requirements through a variety of services provided to healthcare providers and health plans. They have unique issues, sometimes subject to HIPAA as a healthcare clearinghouse, sometimes acted solely as a business associate to a healthcare provider or health plan, and sometimes exempt from HIPAA under Section 1179 of the Social Security Act.

Davis Wright Tremaine has created the HIPAA Audit Toolkit for Financial Institutions, a compliance tool designed to address the specific HIPAA privacy, security, and breach notification issues facing financial institutions. The Toolkit includes:

  • An overview of HIPAA and financial institutions, providing background on HIPAA and identifying how it potentially applies to a financial institution;
  • A Privacy and Breach Notification Compliance Assessment Tool, which identifies potential compliance gaps and recommends best practices in areas such as uses and disclosures of protected health information, incident reporting, and designating as a "hybrid entity" to limit liability;
  • A Security Compliance Assessment Tool, providing a legal review of security efforts;
  • Checklists for business associate agreements with customers, business associate agreements with vendors, HIPAA-compliant authorization forms, and breach notices;
  • A copy of the current HIPAA regulations;
  • Excerpts of HIPAA regulatory commentary and guidance specific to financial institutions; and
  • Information about HHS HIPAA audits and enforcement, including sample data requests.

Related Articles