Health care organizations and the 140 areas that could be checked during a HIPAA audit
In early 2016, the Office of Civil Rights (OCR) will
begin auditing health care organizations to check their HIPAA compliance.
This is a new effort by OCR, with increased funding, to hold health
care organizations accountable to the HIPAA Compliance Rules and Standards.
When a health care organization is audited by OCR, it will
need to have documentation of its compliance in more than 140 areas of the
HIPAA Compliance Rules. These areas of accountability include:
- HIPAA Security Rule (Required and Addressable): 66 individual requirements
“If an implementation specification is described as “required,” the specification must be implemented. The concept of "addressable implementation specifications" was developed to provide covered entities additional flexibility with respect to compliance with the security standards. In meeting standards that contain addressable implementation specifications, a covered entity will do one of the following for each addressable specification:
(a) implement the addressable implementation specifications;
(b) implement one or more alternative security measures to accomplish the same purpose;
(c) not implement either an addressable implementation specification or an alternative.
The covered entity’s choice must be documented. The covered entity must decide whether a given addressable implementation specification is a reasonable and appropriate security measure to apply within its particular security framework.”
- HIPAA Privacy Rule: 67 individual requirements
- HIPAA Breach Rule: 10 individual requirements
HIPAA audits are going to happen and they are real. If your
organization is not prepared to account for the 140 individual areas of
accountability, then move forward and become compliant! Your organization will
be held accountable for any areas of non-compliance.
It looks like OCR is beginning to take HIPAA compliance a lot more seriously and so should you. For your organization, HIPAA is an irritating nuisance, but for the individual, whose personal and private health information you have, it means so much more.
For more information on this topic, please feel free to
email support@hcsiinc.com
Read more about upcoming HIPAA audits: http://bit.ly/1OiU2Wf
Learn more about conducting your own in-house HIPAA Security risk analysis: http://bit.ly/1Mkg0CE
Understand HIPAA Security workforce: http://bit.ly/1kwnH1g