Corporate Compliance

OCR's HIPAA audit hot-button topics revealed

Compliance Monitor, August 17, 2011

HIPAA compliance auditors contracted by the Office for Civil Rights (OCR) will determine whether covered entities have implemented corrective action plans and whether they diligently work to remedy any problems, says Cliff Baker, managing partner at Meditology Services in Atlanta.

Baker, Susan McAndrew, OCR’s deputy director of health information privacy, and Adam Greene, Esq., a partner at Davis Wright Tremaine in Washington, D.C., who previously served as OCR’s senior health information technology and privacy advisor, addressed this topic during a recent audio conference.

Baker summarized information from their presentation in a follow-up e-mail. Topics on OCR’s radar include:

  • Incident detection and response, the agency’s primary concern
  • Access log review
  • Secure wireless network
  • User access and password management
  • Theft or loss of mobile devices
  • Up-to-date software
  • Role-based access — lack of information access management

“The audits are seen as an opportunity to gather information about exposures in the industry and proactively identify certain issues ahead of time before they result in breaches across the industry,” says Baker in an e-mail. “The results of the audit will be a learning opportunity for the entire industry.”
