With the 2016 Office for Civil Rights (OCR) audits currently underway, and more audits looming for 2017, healthcare organizations would be wise to shore up their security regimens to ensure compliance with the HIPAA Security Rule.
Every Covered Entity and Business Associate is eligible for an audit. The primary audit objective is to assess compliance of the HIPAA-regulated industry, with a focus on selected specifications of the HIPAA Privacy, Security, and Breach Notification Rules. OCR also hopes to discover industry-common vulnerabilities that remain undetected during routine OCR complaint investigations and compliance reviews, and to use these findings to develop new breach prevention strategies. OCR will ultimately use audit findings to determine where to focus ongoing enforcement initiatives.
OCR’s audit protocol encompasses requirements and implementation specifications from the HIPAA Privacy, Security, and Breach Notification Rules. Included in the protocol are 89 Privacy requirements, 72 Security requirements, and 19 Breach Reporting requirements. Based on the type of Covered Entity or Business Associate selected for audit, OCR will identify a subset of topics to be audited from among these 180 audit items.
Let BlueOrange Compliance help your organization become audit-ready.