In a recent post by Howard Anderson entitled: “Permanent HIPAA Audit Program Coming”, Howard quoted Leon Rodriguez, Director of the Office for Civil Rights on several practical, actionable steps organizations must take now to prepare for the upcoming HIPAA OCR/KPMG audits. Let’s compare our respective recommendations.
Director Rodriguez speaks out in “Interactive Session: Privacy and Security – You can do it!”
At the annual meeting of the Office of the National Coordinator for Health IT on November 17th, Rodriguez provided the following recommendations:
- Check that risk assessments are up to date;
- Make sure senior managers are supportive of risk mitigation strategies;
- Review existing compliance programs as well as staff training;
- Ensure vigilant implementation of privacy and security policies and procedures, as well as tough sanctions for violating them;
- Conduct frequent internal compliance audits; and
- Develop a plan for prompt response to breach incidents.
Just getting started preparing for the upcoming KPMG OCR HIPAA Audits? Here’s Clearwater Compliance’s By-the-Regs HIPAA Audit Help Playbook:
- Stand Up Your Privacy and Security Risk Management & Governance Program (45 CFR § 164.308(a)(1))
- Complete a HIPAA Security Evaluation (45 CFR § 164.308(a)(8))
- Complete a HIPAA Security Risk Analysis (45 CFR §164.308(a)(1)(ii)(A))
- Develop comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR §164.530 and 45 CFR §164.316)
- Complete a Privacy Rule compliance assessment (45 CFR §164.530)
- Document and act upon a corrective action plan
Visit Clearwater Compliance for more information or call us today at 800-704-3394 to learn more about Clearwater Compliance’s HIPAA AuditPrep™ Series of Workshops.
Wanna be even more hip on HIPAA? Learn more…
The complete HIPAA Privacy, Security and Breach regulations are here.
If you’d like to keep up to date on Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):
- Joining our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
- Following me: http://www.twitter.com/ClearwaterHIPAA
- Subscribing to our eNewsletter: https://clearwatercompliance.com/resources/newsletters/
- Subscribing to our RSS feed: Clearwater HIPAA Compliance Blog
- Checking our company web site: http://clearwatercompliance.com/
- Attending a HIPAA HITECH live webinar: http://abouthipaa.com/webinars/upcoming-live-webinars/
- Attending a HIPAA HITECH Blue Ribbon Panel Live Web Event: http://abouthipaa.com/webinars/blue-ribbon-panel-live-events/
- Viewing a pre-recorded webinar: http://abouthipaa.com/webinars/on-demand-webinars/