Skip to content
DWT logo
People Expertise Insights
About Locations Careers
Search
People
Expertise
Insights
About
Locations
Careers
Search
Publications
Privacy & Security

The 2021 DWT HIPAA Audit Toolkits – A Cost-Effective Answer to Meeting the Challenges of HIPAA

By  Adam H. Greene, Rebecca L. Williams, and Lyra Correa
01.13.21
Share
Print this page

Maintaining the privacy and security of patient information is part of the foundation of providing good healthcare.

But complying with regulations under the Health Insurance Portability and Accountability Act (HIPAA) presents daunting challenges. The stakes for compliance are higher than ever, with random government audits, tougher investigations, breach notification obligations, and threat of hefty financial penalties.

Davis Wright Tremaine offers toolkits for Covered Entities, Business Associates, and Financial Institutions.

For Covered Entities

DWT 2021 HIPAA Audit Toolkit for Covered Entities

To help providers overcome the challenges of HIPAA compliance and stay on top of evolving rules and requirements, Davis Wright Tremaine developed the HIPAA Audit Toolkit for Covered Entities, which has been updated for 2021. Used by some of the country's most sophisticated and respected healthcare systems, the Toolkit offers a cost-effective means for HIPAA covered entities to assess vulnerabilities in their privacy, security, and breach notification programs, move toward solutions, and reduce the legal risks of a government HIPAA investigation or audit.

The 2021 edition has been updated with recent information about the Office for Civil Rights audit program, including the revised audit protocol and recent guidance on topics such as an individual's right of access and ransomware. The Toolkit includes the following, all of which have been updated to reflect the HIPAA Omnibus Rule:

  • A Privacy Compliance Assessment Tool, including relevant portions of the HHS Office for Civil Rights audit protocol;
  • A Breach Notification Compliance Assessment Tool, including relevant portions of the audit protocol;
  • A Security Compliance Assessment Tool, including relevant portions of the audit protocol, providing a legal review of security efforts;
  • Checklists for notices of privacy practices, business associate agreements, authorizations, data use agreements, group health plan documents, and breach notices;
  • Information about HHS HIPAA audits and enforcement, including sample data requests; and
  • A copy of the current HIPAA regulations.

For Business Associates

DWT 2021 HIPAA Audit Toolkit for Business Associates

If your organization handles health information on behalf a healthcare provider or health plan, either directly or indirectly, then it likely qualifies as a business associate under HIPAA. This means that you need to have a robust set of policies and procedures and supporting documentation, and be prepared for potential government audits or investigations. But where to begin?

Davis Wright Tremaine has created the HIPAA Audit Toolkit for Business Associates, a compliance tool designed to address the HIPAA privacy, security, and breach notification issues facing a variety of business associates. The Toolkit includes:

  • An overview of HIPAA, providing background on HIPAA and how it applies to business associates;
  • A Privacy and Breach Notification Compliance Assessment Tool, which identifies potential compliance gaps and recommends best practices in areas such as uses and disclosures of protected health information and incident reporting;
  • A Security Compliance Assessment Tool, providing a legal review of security efforts;
  • Checklists for business associate agreements with customers, business associate agreements with vendors, HIPAA-compliant authorization forms, group health plan documents, and breach notices;
  • A copy of the current HIPAA regulations; and
  • Information about HHS HIPAA audits and enforcement, including sample data requests.

For Financial Institutions

DWT 2021 HIPAA Audit Toolkit for Financial Institutions

Financial institutions are often subject to HIPAA's privacy, security, and breach notification requirements through a variety of services provided to healthcare providers and health plans. They have unique issues, sometimes subject to HIPAA as a healthcare clearinghouse, sometimes acted solely as a business associate to a healthcare provider or health plan, and sometimes exempt from HIPAA under Section 1179 of the Social Security Act.

Davis Wright Tremaine has created the HIPAA Audit Toolkit for Financial Institutions, a compliance tool designed to address the specific HIPAA privacy, security, and breach notification issues facing financial institutions. The Toolkit includes:

  • An overview of HIPAA and financial institutions, providing background on HIPAA and identifying how it potentially applies to a financial institution;
  • A Privacy and Breach Notification Compliance Assessment Tool, which identifies potential compliance gaps and recommends best practices in areas such as uses and disclosures of protected health information, incident reporting, and designating as a "hybrid entity" to limit liability;
  • A Security Compliance Assessment Tool, providing a legal review of security efforts;
  • Checklists for business associate agreements with customers, business associate agreements with vendors, HIPAA-compliant authorization forms, and breach notices;
  • A copy of the current HIPAA regulations;
  • Excerpts of HIPAA regulatory commentary and guidance specific to financial institutions; and
  • Information about HHS HIPAA audits and enforcement, including sample data requests.

Related Articles

DWT logo
©1996-2020 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
NAVIGATE
Home People Expertise Insights
About Locations Careers Events Blogs
STAY CONNECTED

Subscribe to stay informed.

Subscribe
Employee Login
DWT Connect
EEO
Affiliations
Legal notices
Privacy policy
©1996-2020 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
Close
Close

CAUTION - Before you proceed, please note: By clicking “accept” you agree that our review of the information contained in your e-mail and any attachments will not create an attorney-client relationship, and will not prevent any lawyer in our firm from representing a party in any matter where that information is relevant, even if you submitted the information in good faith to retain us.