Section 13411 of the HITECH Act's Subtitle D requires that HHS conduct mandatory audits (emphasis added).
The Secretary shall provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subtitle and subparts C (HIPAA Security Rule) and E (HIPAA Prrivacy Rule) of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this Act, comply with such requirements.
Check out a FREE EHR Checklist. If you would like more information sign up for our FREE HITECH/HIPAA Compliance Newsletter.
