This entry is part 3 of 27 in the series HIPAA Audit Tips

In a recent post entitled “Permanent HIPAA Audit Program Coming,” Howard Anderson quoted Leon Rodriguez, Director of the Office for Civil Rights, on several practical, actionable steps organizations must take now to prepare for the upcoming HIPAA OCR/KPMG audits. Let’s compare our respective recommendations.

Benefit from our expertise; prepare for the audits!  …


Just Getting Started with HIPAA Audit Prep? | HIPAA Audit Tips

Need HIPAA Audit Help?

Director Rodriguez speaks out in “Interactive Session: Privacy and Security – You can do it!”

At the annual meeting of the Office of the National Coordinator for Health IT on November 17th, Rodriguez provided the following recommendations:

  • Check that risk assessments are up to date;
  • Make sure senior managers are supportive of risk mitigation strategies;
  • Review existing compliance programs as well as staff training;
  • Ensure vigilant implementation of privacy and security policies and procedures, as well as tough sanctions for violating them;
  • Conduct frequent internal compliance audits; and
  • Develop a plan for prompt response to breach incidents.

Just getting started preparing for the upcoming KPMG OCR HIPAA Audits? Here’s Clearwater Compliance’s By-the-Regs HIPAA Audit Help Playbook:

  1. Stand Up Your Privacy and Security Risk Management & Governance Program (45 CFR § 164.308(a)(1))
  2. Complete a HIPAA Security Evaluation (45 CFR § 164.308(a)(8))
  3. Complete a HIPAA Security Risk Analysis (45 CFR §164.308(a)(1)(ii)(A))
  4. Develop comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR §164.530 and 45 CFR §164.316)
  5. Complete a Privacy Rule compliance assessment (45 CFR §164.530)
  6. Document and act upon a corrective action plan

Visit Clearwater Compliance for more information or call us today at 800-704-3394 to learn more about Clearwater Compliance’s HIPAA AuditPrep™ Series of Workshops.

Wanna be even more hip on HIPAA? Learn more…

The complete HIPAA Privacy, Security and Breach regulations are here.


Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.