In a recent post entitled “Permanent HIPAA Audit Program Coming”, Howard Anderson quoted Leon Rodriguez, Director of the Office for Civil Rights, on several practical, actionable steps organizations must take now to prepare for the upcoming HIPAA OCR/KPMG audits. Let’s compare our respective recommendations.

Benefit from our expertise; prepare for the audits!  …


Just Getting Started with HIPAA Audit Prep? | HIPAA Audit Tips

Need HIPAA Audit Help?

Director Rodriguez speaks out in “Interactive Session: Privacy and Security – You can do it!”

At the annual meeting of the Office of the National Coordinator for Health IT on November 17th, Rodriguez provided the following recommendations:

  • Check that risk assessments are up to date;
  • Make sure senior managers are supportive of risk mitigation strategies;
  • Review existing compliance programs as well as staff training;
  • Ensure vigilant implementation of privacy and security policies and procedures, as well as tough sanctions for violating them;
  • Conduct frequent internal compliance audits; and
  • Develop a plan for prompt response to breach incidents.

Just getting started preparing for the upcoming KPMG OCR HIPAA Audits? Here’s Clearwater Compliance’s By-the-Regs HIPAA Audit Help Playbook:

  1. Stand Up Your Privacy and Security Risk Management & Governance Program (45 CFR § 164.308(a)(1))
  2. Complete a HIPAA Security Evaluation (45 CFR § 164.308(a)(8))
  3. Complete a HIPAA Security Risk Analysis (45 CFR § 164.308(a)(1)(ii)(A))
  4. Develop comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR § 164.530 and 45 CFR § 164.316)
  5. Complete a Privacy Rule compliance assessment (45 CFR § 164.530)
  6. Document and act upon a corrective action plan

Visit Clearwater Compliance for more information or call us today at 800-704-3394 to learn more about Clearwater Compliance’s HIPAA AuditPrep™ Series of Workshops.

Wanna be even more hip on HIPAA? Learn more…

The complete HIPAA Privacy, Security and Breach regulations are here.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.