Sue McAndrew, JD and David S. Holtzman, JD (Office for Civil Rights / Health Information Privacy Division) both called for a “Culture of Compliance” at the May 10-11 NIST/OCR HIPAA Security Conference in Washington. The concept of a “culture of compliance” is not new in the risk management and regulatory compliance world, but it seems to be a new term for health care. Learn what they mean…

Following is an excerpt from Sue’s and David’s “Health Information Security Rule Trends in Enforcement” presentation…

  • OCR aggressively enforcing the HIPAA Privacy and Security Rules. 
  • Covered entities and business associates should have robust HIPAA Privacy and Security compliance programs.
  • A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents.

The OCR website offers a wide range of helpful information about health information privacy, including educational information, FAQs, rule text and guidance for the Privacy, Security, and Breach Notification Rules.

We also invite you to view our HIPAA-HITECH Resources. If you’re interested in jump-starting or reviving your HIPAA Security compliance program, you may wish to consider killing two birds with one stone: 1) Complete a Required Standard [45 CFR 164.308(a)(8)] in the HIPAA Security Final Rule; and, 2) Determine exactly where you stand with respect to the 22 Standards and 53 Implementation Specifications in the regulations.

Let me know your questions!

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.