What Covered Entities Need to Know about OCR HIPAA Audits
September 19th, 2017 3:00PM EDT
OCR announced Phase 2 of its HIPAA audit program in 2016, which would focus on desk audits to review how healthcare organizations – and business associates – adhere to the HIPAA Privacy, Security, and Breach Notification Rules. Healthcare organizations must have the right policies and procedures in place, but they should also be aware of the documented OCR compliance program.
Phase 1 audits had as their focus entities checking boxes off to ensure they had read the rules, addressed each required provision, and then included that in their policies and procedures. However, the latest round put the focus on compliance and action. But what exactly is OCR looking for? Even if they weren’t selected this time, how should covered entities and business associates prepare for a potential OCR HIPAA audit? What can healthcare organizations expect for the final OCR audit phase?
In this webcast, listeners will learn the basics of an OCR HIPAA audit and garner a better understanding of OCR’s 2017 to 2018 goals and objectives with regard to compliance review and potential enforcement.
Additionally, attendees can learn more about the following:
Best practices to uncover potential risk and vulnerabilities in the organization
Detect areas where technology can assist with compliance
How to approach vendor risk management, and the importance of business associate agreements
Why ongoing risk assessments are critical to basic HIPAA compliance
Iliana L. Peters, J.D., LL.M.
Senior Advisor for HIPAA Compliance and Enforcement
HHS Office for Civil Rights
In this role, Ms. Peters is the national lead for OCR enforcement of the HIPAA Rules, and works closely with OCR’s ten regional offices to promote compliance with the HIPAA Rules. Additionally, she supports many other OCR policy and outreach initiatives, including rulemakings, compliance initiatives with other federal agencies, and training, including of the State Attorneys General.
Iatric Systems Security Audit Manager™, the KLAS category leader in patient privacy monitoring three years in a row, has helped hundreds of healthcare organizations reduce the risk of privacy breaches and comply with HIPAA/HITECH and Meaningful Use regulations. Security Audit Manager proactively monitors millions of transactions daily and alerts compliance staff to instances of inappropriate access to patient data. The system consolidates patient access data from all of your organization's diverse software applications, and reduces audit volumes to review by 95%.