What Is OCR Looking for in Upcoming HIPAA Compliance Audits?
What are the top 3 focus areas for the next round of HIPAA compliance audits? A former staffer from the Office for Civil Rights predicts risk assessment, encryption of end-user devices and contingency planning will be in the spotlight once 2014 audits commence. This is consistent with the opinions expressed in our own recent HIPAA-HITECH Blue Ribbon Panel and with the comments of OCR Deputy Director Susan McAndrew who highlighted security risk assessments as a key focus area this year during her comments at the HIMSS 2014 Conference.
Risk assessment has been a sore spot for almost all organizations that have undergone an OCR audit or investigation. A full assessment helps identify key vulnerabilities and prepares organizations to address specific focal points, like encryption and contingency planning.
How prepared is your organization when it comes to risk assessment, encryption and contingency planning?
Oh. And did I mention the former OCR staffer predicts audits will commence sometime around April?
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – What Level of Detail is Adequate? - April 29, 2017
- HIPAA Risk Analysis Tip – How Comprehensive Must Your HIPAA Security Risk Analysis Be? - April 25, 2017
- HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”? - April 23, 2017