OCR to conduct audits starting in 2014


vcpi

April 17, 2014

The Department of Health and Human Services’ Office for Civil Rights recently announced it will resume its HIPAA compliance audit program starting in the fall of 2014.

“OCR will be conducting desk audits of select HIPAA privacy and security rule provisions, with comprehensive on-site audits conducted as resources allow,” noted an OCR person. In 2012, KPMG conducted 115 pilot audits. The upcoming 2014 audits will be conducted by OCR staff. The auditors will assess compliance efforts through an updated protocol, which will include new criteria reflecting HIPAA Omnibus Rule changes and more specific test procedures. Read more details about the HIPAA Audit.

What if you are selected for an audit? Could you afford a fine or other type of sanction? Let VCPI prepare you for any potential audits that might come your way. Select which option works best for your business:

1. HIPAA Security Assessment (HSA) is a focused review that covers all Standards and Implementation Specifications in the HIPAA Security Rule as well as requirements related to the HITECH Act Breach Notification rules.

2. Our Technology Risk Assessment (TRA) establishes a comprehensive, enterprise-wide information security review of your environment, leveraging a combination of applicable laws and regulations concerning information security (i.e., HIPAA Security Rule, HITECH Act) and industry best practices and frameworks (i.e., NIST SP 800-53, ISO/IEC 27002, PCI-DSS).

Assessments can be done virtually or onsite, with minimal effort on your part. Our team will work with your staff to review the devices, policies, and documentation (among other business components) to identify where you may be at risk. As part of the effort, you'll receive a report and list of recommendations to help minimize your risk.

Don’t wait too long to ensure you are to your Account Manager or contact our Sales team to schedule your assessment today.