Less than a month after HHS published its long-delayed final HIPAA security rule, a major accreditation body is seeking public comments on a proposed set of standards for measuring security compliance.
URAC, a Washington-based healthcare accreditation organization, on Monday issued a 14-page draft list of standards to help covered healthcare entities assess their own HIPAA compliance efforts and plan risk mitigation efforts.
URAC is asking the public to comment on the proposal within 30 days, through April 9.
"The purpose of this accreditation program is to verify that an organization has put in place the necessary infrastructure and implemented the necessary processes to comply with the HIPAA security rule," the draft says.
URAC, a private-sector organization, says that its stamp of approval does not guarantee HIPAA compliance, as only HHS and the U.S. Department of Justice are charged with enforcing of the security rule.
"Having the URAC seal tells the market that you are following sound information management practices when it comes to HIPAA compliance," Lisa Gallagher, URAC senior vice president for information and technology accreditation, says in a statement.
Other URAC officials were not immediately available for comment.
The accreditation group also is taking comments on its proposed HIPAA privacy compliance standards, released last month. The comment period for that rule closes Wednesday.