HIPAA: First Things First

By Mark Norby, HealthInsight Certified HIPAA Professional 

The Office for Civil Rights (OCR) has developed a new method to help it perform even more random HIPAA audits. These new audits – called desk audits – focus on just seven of the 176 audit elements and are performed entirely via email. The seven areas of focus are:

  • Privacy – Notice of Privacy Practices and Content Requirements
  • Privacy – Provision of Notice of Privacy Practices
  • Privacy – Right to Access
  • Breach – Timeliness of Notification
  • Breach – Content Notification
  • Security – Security Risk Analysis
  • Security – Risk Management

Once contacted, your organization will be expected to provide “demonstrable proof” of compliance in these seven areas. Obviously, your goal is to become compliant in all 176 audit elements, but pragmatism dictates that we focus on these areas of HIPAA compliance first.

Please feel free to contact me if you have any questions or need any help: mnorby@healthinsight.org or (307) 258-5322.

For more information:

OCR 2016 HIPAA Desk Audit Guidance on Selected Protocol Elements: https://www.hhs.gov/sites/default/files/2016HIPAADeskAuditAuditeeGuidance.pdf

