Recently at the Privacy & Security Forum, senior advisor Linda Sanches discussed what the OCR will be looking for in the upcoming on-site 2017 audits. Although the likelihood that your organization will be selected are slim, (fewer than the 205 desk audits conducted in 2016), the OCR is hoping to identify risks and vulnerabilities not yet uncovered through previous audits or investigations stemming from breaches and complaints. Their efforts to fulfill those hopes are also slim since Sanches admits that, “Two huge problems we’re seeing are implementation of risk analysis and risk management.”
See more about Sanches discussion here.
See OCR’s Final Guidance on a bona fide Risk Analysis here.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.