Own Your Audit

PART 1

IS YOUR COMPANY SUBJECT TO AN OCR COMPLIANCE AUDIT? IN PHASE 2, COVERED ENTITIES AND BUSINESS ASSOCIATES MAY BE AUDITED.

KEY POINTS

Who is impacted?

  • Covered entities: Health plans, health care clearinghouses, and most health care providers.
  • Business associates: Generally, anyone - typically, a vendor - handling protected health information on behalf of a covered entity.

What's at stake?

  • Phase 2 audits are part of a larger program of ongoing compliance audits. The focus is expected to shift from education to enforcement.
  • Non-compliance threatens individuals (patients and plan participants), as well as covered entities and their business associates.
  • Privacy and security violations can subject individuals to financial and medical identity theft, as well as undermine their confidence in providers and plans.
  • Violations also carry serious financial and reputational risks for covered entities and business associates.

PART 2

HOW CAN A RISK ASSESSMENT PROTECT YOUR ORGANIZATION AND INDIVIDUALS?

KEY POINTS
  • Data breaches and security incidents are prevalent: almost certainly a matter of when, not if. A robust Security Rule compliance program helps you manage risks and vulnerabilities.
  • A Risk Assessment is mandatory for covered entities and business associates and is the cornerstone of Security Rule compliance.
  • The Security Rule provides flexibility for organizations to tailor the Risk Assessment to their unique circumstances.
  • A risk management program built on Risk Assessment findings protects entities and individuals, and can mitigate damages in the event of a breach.

PART 3

ONGOING TRAINING | PROTECT YOUR BUSINESS

KEY POINTS
  • A compliance program is only as strong as the people behind it.
  • Workforce training is mandatory and helps you protect data and minimize risk.
  • Ongoing data privacy and security training keeps your workforce up-to-date and will help satisfy auditors.

PART 4

ICE MILLER'S MOCK AUDIT PROGRAM | TEST YOUR PREPAREDNESS

KEY POINTS
  • OCR has launched Phase 2 of its formal HIPAA Audit Program, and will soon audit 100-200 covered entities and business associates for compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
  • With the increasing rigor of HIPAA audits and fines, now is the right time to invest in your HIPAA compliance program.
  • Resolving any gaps in your HIPAA compliance program will reduce the likelihood of breaches and consumer complaints, and help you avoid protracted government investigations and any associated penalties.
  • Ice Miller's Audit Preparation Program will pair a team of experienced health data privacy and security attorneys with your organization for mock desk and on-site audits.