Health Insurance Portability and Accountability Act (HIPAA) Self-Certification Program

About the Program

Category: County Administration and Management (Best in Category)

Year: 2010

In Los Angeles County, the Department of Auditor-Controller is responsible for establishing and maintaining effective internal controls of compliance with the federal Health Insurance Portability and Accountability Act of 1996. The U.S. Department of Health and Human Service (DHHS) issued the final regulations addressing HIPAA’s Privacy Rule, which provided a minimum level of privacy rights and protections for health information throughout the country. The Privacy Rule provides the core elements that covered entities must meet in order to be in compliance with HIPAA. Three of those core elements are: safeguard individually identifiable health information; audit covered components to ensure compliance; and appoint an individual to be responsible for the covered entities HIPAA program. The person responsible for ensuring compliance with these core elements in the County is the Auditor-Controller Chief HIPAA Privacy Officer. In planning and performing their undertaking to secure HIPAA compliance with their covered departments, the AC-CPO developed a self-certification HIPAA audit program that requires covered departments to effectively evaluate their operations’, facilities’, and workforce members’ activities as they relate to protected health information (PHI).