We recently posted a sample form used for management comment upon receipt of the initial Notification of Findings and Recommendations (NFR) Report. Here’s today’s big tip – View a sample Notification of Findings and Recommendations (NFR) Report! Learn how the OCR Audit Protocol is being used.
Notification of Findings and Recommendations Report from OCR HIPAA Audits
If you have not yet been through an OCR HIPAA Audit, you may still have time to prepare. In a single sentence in The HITECH Act at Section 13411, Congress mandated that the Secretary of HHS perform audits of Covered Entities and Business Associates to test compliance with the HIPAA Privacy and Security Rules and the HITECH Breach Notification Rule.
Management’s Initial Report from OCR HIPAA Audits
The audited organizations with whom we have worked are presented with a detailed listing of all deficiencies found, with details as follows: Condition, Criteria, Cause, Effect and Recommendation.
Actions You Should Take Now to Prepare for OCR HIPAA Audits
We recommend that organizations who have not already done so complete some fundamental preparation activities which include, but are not limited to:
- Establish a formal Privacy and Security Risk Management & Governance Program (45 CFR § 164.308(a)(1))
- Complete a HIPAA Security Evaluation (45 CFR § 164.308(a)(8))
- Complete a Privacy Rule compliance assessment (45 CFR § 164.530)
- Complete a Breach Rule compliance assessment (45 CFR § 164.400)
- Complete a HIPAA Security Risk Analysis (45 CFR § 164.308(a)(1)(ii)(A))
- Develop comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR § 164.530, 45 CFR § 164.316 and 45 CFR § 164.414)
- Document and act upon a corrective action plan
Please feel free to contact us to benefit from our expertise and help you jump-start your program.
Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.
Wanna be even more ready for an audit or hip on HIPAA? Learn more…
The complete HIPAA Privacy, Security and Breach regulations are here.
If you’d like to keep up to date on Audit Preparation, Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):
- Joining our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
- Subscribing to our eNewsletter: https://clearwatercompliance.com/resources/newsletters/
- Checking our company web site: http://clearwatercompliance.com/
- Attending a HIPAA HITECH live webinar: http://abouthipaa.com/webinars/upcoming-live-webinars/
- Viewing a pre-recorded webinar: http://abouthipaa.com/webinars/on-demand-webinars/
Latest posts by Bob Chaput
- Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action - August 8, 2016
- Building Capability and Capacity to Take on Healthcare’s Evolving Security Threats - August 5, 2016
- HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol - April 11, 2016