Recently at the Privacy & Security Forum, senior advisor Linda Sanches discussed what the OCR will be looking for in the upcoming on-site 2017 audits. Although the likelihood that your organization will be selected are slim, (fewer than the 205 desk audits conducted in 2016), the OCR is hoping to identify risks and vulnerabilities not yet uncovered through previous audits or investigations stemming from breaches and complaints. Their efforts to fulfill those hopes are also slim since Sanches admits that, “Two huge problems we’re seeing are implementation of risk analysis and risk management.”

See more about Sanches discussion here.

See OCR’s Final Guidance on a bona fide Risk Analysis here.

Mary Chaput

CFO & Chief Compliance Officer at Clearwater Compliance
Mary has 35 years of international and domestic business experience spanning the healthcare, information services, manufacturing and venture capital consulting industries.She is Clearwater’s CFO and Compliance Officer. As an experienced corporate CFO and risk manager, Mary works actively with customers and prospects to identify and prioritize their risks and to develop effective remediation plans within their budgets.