What Is OCR Looking for in Upcoming HIPAA Compliance Audits? 

What are the top 3 focus areas for the next round of HIPAA compliance audits? A former staffer from the Office for Civil Rights predicts risk assessment, encryption of end-user devices and contingency planning will be in the spotlight once 2014 audits commence. This is consistent with the opinions expressed in our own recent HIPAA-HITECH Blue Ribbon Panel and with the comments of OCR Deputy Director Susan McAndrew who highlighted security risk assessments as a key focus area this year during her comments at the HIMSS 2014 Conference.

Risk assessment has been a sore spot for almost all organizations that have undergone an OCR audit or investigation. A full assessment helps identify key vulnerabilities and prepares organizations to address specific focal points, like encryption and contingency planning.

How prepared is your organization when it comes to risk assessment, encryption and contingency planning?

Oh. And did I mention the former OCR staffer predicts audits will commence sometime around April?


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.