HIPAA Audit Toolkits and Information Blocking Compliance Toolkit

Every year, health information privacy gets more complicated. Davis Wright Tremaine's HIPAA Audit Toolkits and Information Blocking Compliance Toolkit provide cost-effective ways to simplify and manage compliance with complex federal health information laws.

DWT Information Blocking Compliance Toolkit

To help Information Blocking Rule actors – health care providers, health IT developers, and health information exchanges and networks – comply with the evolving information blocking compliance obligations, we created the DWT Information Blocking Compliance Toolkit. It includes:

  • An overview of information blocking, including both the 21st Century Cures Act Information Blocking Rule and information blocking attestation requirements under the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA);
  • A tool for determining whether you are subject to the Information Blocking Rule;
  • A policy template for compliance with the Information Blocking Rule;
  • A set of spreadsheets for identifying and tracking potential information blocking practices;
  • An analysis tool for assessing potential information blocking practices and whether they fit under any regulatory exceptions; and
  • A bookmarked PDF with information blocking statutory text, regulatory text, proposed and final preamble commentary, and frequently asked questions.

The DWT Information Blocking Toolkit has been updated to include information about 2023 and 2024 enforcement rules with respect to disincentives for health care providers and civil monetary penalties on health IT developers and health information exchanges and networks that are found to have committed information blocking.

DWT HIPAA Audit Toolkits

Complying with privacy, security, and breach notification regulations under the Health Insurance Portability and Accountability Act (HIPAA) presents daunting challenges. Regulators expect comprehensive policies and procedures addressing a multitude of standards and implementation specifications, from access by patients to risk analysis and management. To help HIPAA regulated entities – covered entities and business associates – build and monitor their HIPAA compliance programs, we created the DWT HIPAA Audit Toolkits.

For Covered Entities

The DWT HIPAA Audit Toolkit for Covered Entities offers health care providers and health plans a means to review their compliance with the HIPAA Privacy, Security, and Breach Notification Rules. It can be used to help build comprehensive policies and procedures or to assess current ones. It includes:

  • A Privacy Compliance Assessment Tool, including relevant portions of the HHS Office for Civil Rights audit protocol;
  • A Breach Notification Compliance Assessment Tool, including relevant portions of the audit protocol;
  • A Security Compliance Assessment Tool, including relevant portions of the audit protocol, providing a legal review of security efforts;
  • Checklists for notices of privacy practices, business associate agreements, authorizations, data use agreements, group health plan documents, breach notices, and attestations regarding reproductive health care;
  • Information about HHS HIPAA audits and enforcement, including sample data requests; and
  • A copy of the current HIPAA regulations.

For Business Associates

If your organization handles health information on behalf a healthcare provider or health plan, then it likely qualifies as a business associate under HIPAA. This means that you need to have a robust set of policies and procedures and supporting documentation, and be prepared for potential government audits or investigations. But where to begin?

DWT has created the HIPAA Audit Toolkit for Business Associates, a compliance tool designed to address the HIPAA privacy, security, and breach notification issues facing a variety of business associates. The Toolkit includes:

  • An overview of HIPAA, providing background on HIPAA and how it applies to business associates;
  • A Privacy and Breach Notification Compliance Assessment Tool, which identifies potential compliance gaps and recommends best practices in areas such as uses and disclosures of protected health information and incident reporting;
  • A Security Compliance Assessment Tool, providing a legal review of security efforts;
  • Checklists for business associate agreements with customers, business associate agreements with vendors, HIPAA-compliant authorization forms, breach notices, and attestations regarding reproductive health care;
  • A copy of the current HIPAA regulations; and
  • Information about HHS HIPAA audits and enforcement, including sample data requests.

We have updated the DWT HIPAA Audit Toolkits to address 2024 amendments related to reproductive health care, including new requirements for policies and procedures and new attestation requirements.

Each Toolkit costs $4,000. For information about the Toolkits, including an opportunity to review a Toolkit, please contact Adam Greene.