HITECH called for "periodic audits" to ensure HIPAA compliance, but as of today the Office of Civil Rights has not created a calendar of when those periodic audits will take place.
Sue McAndrew, the deputy director for Health Information Privacy for OCR, said at the 18th Annual National HIPAA Summit Thursday that OCR is working with a HIPAA privacy and security expert to help the organization "map out essentially the range of options that we have and what would be the most effective."
OCR is considering its budgetary means as well as the most effective method. "There are 1,000 ways to do this," McAndrew said.
HHS published in the Federal Register on October 30 the HITECH Act enforcement interim final rule for the February 17, 2009 HITECH Act deadline.
The interim rule includes no amendments to the enforcement provisions in HITECH, according to the rule itself.