The Office of Civil Rights (OCR) will conduct security audits on covered entities and business associates. Covered entities and business associates should proactively develop a work plan to review their operations in light of the specifications identified in the protocol. The detailed audit guidance can serve as a roadmap for compliance. Covered entities and business associates may assess current practices for each established performance criterion using OCR's audit procedures in order to understand their current state of compliance. Such efforts may help reduce the risk of adverse findings in an actual audit and reduce the likelihood of a breach or some other form of HIPAA violation.
Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the HIPAA Security Rule. Risk analysis should be an ongoing process in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of the security measures put in place, and regularly reevaluates potential risks to e-PHI.
The HIPAA Breach Notification Rule, 45 CFR 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.
The webinar will discuss what OCR will review, key elements of the HIPAA Privacy, Security, and Breach Notification Rules, and the processes and safeguards that must be in place to ensure appropriate protection of electronic protected health information.
Areas Covered in the Session: