• E-mail
• Print
• RSS

CMS, OESS post new security investigation/compliance review information, checklist

HIPAA Weekly Advisor, March 3, 2008

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

On February 20, the Office of E-Health Standards and Services (OESS) posted new information on the CMS Web site regarding upcoming security investigations and compliance reviews.

"Onsite investigations may be triggered by complaints alleging non-compliance, while onsite compliance reviews will typically arise from non-complaint related sources of information such as media reports or self-reported incidents," according to the Web site.

In addition, OESS posted a document entitled "Information Request for Onsite Compliance Reviews" on the Web site. This document serves as a checklist and indicates information that may be requested during an investigation or review. However, the list is not comprehensive, nor is it limiting. "The individual circumstances of each applicable case will dictate the type of information that will be requested during an investigation or review," according to the Web site.

OESS also notes that covered entities review the areas of vulnerability associated with the security of electronic PHI, as highlighted by the checklist, to evaluate the entity's current level of compliance.

For more information, click here.

To view the Information Request for Onsite Compliance Reviews checklist, click here.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments