What Is OCR Looking for in Upcoming HIPAA Compliance Audits? 

What are the top 3 focus areas for the next round of HIPAA compliance audits? A former staffer from the Office for Civil Rights predicts risk assessment, encryption of end-user devices and contingency planning will be in the spotlight once 2014 audits commence. This is consistent with the opinions expressed in our own recent HIPAA-HITECH Blue Ribbon Panel and with the comments of OCR Deputy Director Susan McAndrew who highlighted security risk assessments as a key focus area this year during her comments at the HIMSS 2014 Conference.

Risk assessment has been a sore spot for almost all organizations that have undergone an OCR audit or investigation. A full assessment helps identify key vulnerabilities and prepares organizations to address specific focal points, like encryption and contingency planning.

How prepared is your organization when it comes to risk assessment, encryption and contingency planning?

Oh. And did I mention the former OCR staffer predicts audits will commence sometime around April?


Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.