OCR Identifies HIPAA Audit Goals
HIPAA compliance auditors contracted by the Office for Civil Rights will review whether covered entities have corrective action plans in place and whether they work diligently to remediate any problems, according to an officer of the HITRUST Alliance.
In a recent audio conference with Susan McAndrew, deputy director of health information privacy for OCR, Cliff Baker, chief strategy officer at the HITRUST Alliance, summarized the key goals of a HIPAA audit, which align with some of the major issues on OCR's radar for the industry:
- Incident detection and response (OCR's top issue)
- Access log review
- Secure wireless network
- User access and password management
- Theft or loss of mobile devices
- Up-to-date software
- Role-based access -- lack of information access management
OCR in June awarded KPMG, LLP a $9.2 million contract to administer the HIPAA privacy and security compliance audits required by Congress via HITECH. The first phase of the audits -- in which OCR plans to visit 150 covered entities -- is expected to begin this fall and will end by December 31, 2012.
OCR is taking a systematic approach to determining which organizations to audit based on risk, Baker said. Audits will no longer be driven by responses to complaints or breaches, but will be directed at organizations that OCR selects based on an overall risk profile.