Preparing for and Passing an OCR HIPAA Audit
The HHS Office for Civil Rights' much-delayed resumption of its random HIPAA compliance audit program is expected in the coming months, so now is the time to prepare. This session will cover the highest-priority tasks that should be started immediately, if not already underway, to help lay the groundwork for a relatively pain-free audit, focusing on tasks such as:
- Conducting a risk analysis and acting on the findings. Jocelyn Samuels (director of DHHS OCR) recently stated that this will be a primary focus of any audit, as the pilot audit program found that many organizations had failed to take this fundamental HIPAA compliance step, which OCR sees as a contributing factor in many of the known breaches.
- Ensuring that every CE (Covered Entity) and each affected BA (Business Associate) maintains a detailed record of associated BAs and their contact information, monitors current BA agreement signing status, and monitors BAs as to their incident response and breach notification readiness. BAs should also be encouraged to focus on risk analysis and management, as well as identification and oversight of their subcontractor BAs where applicable.
- Communicating and practicing your own HIPAA security, privacy, and breach notification policies and procedures, ensuring that all levels of the organization understand their roles and responsibilities in protecting health data.