Waiting Game Continues for HIPAA Security Audits
The HHS Office for Civil Rights continues to develop its random HIPAA security audit program, and anticipates implementing it expeditiously, OCR Director Jocelyn Samuels said during a discussion with reporters on Jan. 13. But she wont say if the long-delayed program will start this year.
The HHS Office for Civil Rights continues to develop its random HIPAA security audit program, and anticipates implementing it expeditiously, OCR Director Jocelyn Samuels said during a discussion with reporters on Jan. 13. But she wont say if the long-delayed program will start this year.
OCR is working very proactive in developing the protocols for the program, Samuels said, but wants to make sure they get it right. We will make announcements in the weeks and months to come so the industry will understand what to expect.
The audit program, which will affect HIPAA-covered entities and business associates, will be another enforcement tool for OCR, with results informing the agency of systemic industry security deficiencies to hone in on.
Samuels indicated that OCR will continue to focus on high-impact breaches that demonstrate systemic deficiencies to send a message to organizations that fail to conduct risk analyses, ignore known threats or have insufficient workforce training. Thats a warning that the practice of imposing large fines and resolution agreements on organizations that OCR believes have disregarded HIPAA rules will continue.
During 2015, OCR expects to issue security guidance on cloud computing and other emerging technologies. However, the long-awaited HIPAA rule governing the accounting of disclosures of protected health information may be further delayed. OCR may solicit additional input from the industry and the rule remains on the long-term agenda, Samuels said.
OCR is working very proactive in developing the protocols for the program, Samuels said, but wants to make sure they get it right. We will make announcements in the weeks and months to come so the industry will understand what to expect.
The audit program, which will affect HIPAA-covered entities and business associates, will be another enforcement tool for OCR, with results informing the agency of systemic industry security deficiencies to hone in on.
Samuels indicated that OCR will continue to focus on high-impact breaches that demonstrate systemic deficiencies to send a message to organizations that fail to conduct risk analyses, ignore known threats or have insufficient workforce training. Thats a warning that the practice of imposing large fines and resolution agreements on organizations that OCR believes have disregarded HIPAA rules will continue.
During 2015, OCR expects to issue security guidance on cloud computing and other emerging technologies. However, the long-awaited HIPAA rule governing the accounting of disclosures of protected health information may be further delayed. OCR may solicit additional input from the industry and the rule remains on the long-term agenda, Samuels said.
More for you
Loading data for hdm_tax_topic #care-team-experience...