Sue McAndrew, JD and David S. Holtzman, JD (Office for Civil Rights / Health Information Privacy Division) both called for a “Culture of Compliance” at the May 10-11 NIST/OCR HIPAA Security Conference in Washington. The concept of a “culture of compliance” is not new in the risk management and regulatory compliance world, but it seems to be a new term for health care. Learn what they mean…
Following is an excerpt from Sue’s and David’s “Health Information Security Rule Trends in Enforcement” presentation…
- OCR aggressively enforcing the HIPAA Privacy and Security Rules.
- Covered entities and business associates should have robust HIPAA Privacy and Security compliance programs.
- A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents.
The OCR website, http://www.hhs.gov/ocr/privacy/, offers a wide range of helpful information about health information privacy, including educational information, FAQs, rule text and guidance for the Privacy, Security, and Breach Notification Rules.
We also invite you to view our HIPAA-HITECH Resources. If you’re interested in jump-starting or reviving your HIPAA Security compliance program, you may wish to consider killing two birds with one stone: 1) Complete a Required Standard [45 CFR 164.308(a)(8)] in the HIPAA Security Final Rule; and, 2) Determine exactly where you stand with respect to the 22 Standards and 53 Implementation Specifications in the regulations.
Let me know your questions! firstname.lastname@example.org.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.