Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

7 steps to pass, or better yet avoid, an OCR security audit

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 6 Dec 2019 08:46:18 +0000 (UTC)
https://www.healthcareitnews.com/news/7-steps-pass-or-better-yet-avoid-ocr-security-audit

By Bill Siwicki
Healthcare IT News
December 04, 2019
The U.S. Department Health and Human Services’ Office for Civil Rights is responsible for auditing and enforcing compliance with the HIPAA security and privacy regulations, as well as the additional rules and clarifications contained in HITECH.
OCR enforces privacy and security rules through compliance audits, education and outreach, and subsequent fines or mitigation expenses. OCR also works with the Department of Justice on possible criminal violations.
An OCR audit usually is triggered by one of two events: Either a complaint has been filed against the practice by a patient or an internal whistleblower, or the practice has reported a breach to OCR.
“Breaches affecting 500 individuals or more must be reported to OCR, in addition to other reporting requirements,” explained Troy Young, chief technology officer at AdvancedMD, a medical office platform vendor. 

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: