Recently at the Privacy & Security Forum, senior advisor Linda Sanches discussed what the OCR will be looking for in the upcoming on-site 2017 audits. Although the likelihood that your organization will be selected are slim, (fewer than the 205 desk audits conducted in 2016), the OCR is hoping to identify risks and vulnerabilities not yet uncovered through previous audits or investigations stemming from breaches and complaints. Their efforts to fulfill those hopes are also slim since Sanches admits that, “Two huge problems we’re seeing are implementation of risk analysis and risk management.”
See more about Sanches discussion here.
See OCR’s Final Guidance on a bona fide Risk Analysis here.
Latest posts by Mary Chaput (see all)
- Call for State Privacy Laws to Align with HIPAA - February 13, 2017
- IF YOU HAVE TO DISCLOSE, LOOK YOUR BEST - December 27, 2016
- OCR is using audits to find risks and vulnerabilities that might not otherwise be known. - December 14, 2016