What does the HHS, OCR announcement mean to you?
A new precedent was set by our Federal government, specifically by Health and Human Services, Office for Civil Rights (OCR). OCR issued the first of its kind Resolution Agreement highlighting the importance of audit controls for care providers.
HIPAA Enforcement, HITECH, State Laws are one of the business drivers impacting the increased HIPAA enforcement and associated privacy requirements mandated by HITECH. Core requirements of HIPAA, state and international security frameworks mandate the systematic review of systems which access PHI through the examination of audit trails and related information. FairWarning held an Executive Webinar in June of 2016 in which the Director of OCR Enforcement announced there would be an upcoming emphasis on Audit Controls. From 2008 to 2017 we have seen the number of Resolution Agreements rise, there were a record 13 Resolution Agreements issued in 2016 alone. And, four (4) to date already by mid-February 2017. The graph above depicts the growth in the number of Resolutions Agreements year over year signed by HHS.
Referenceable Ability to Satisfy HIPAA Audits and Attest for MU is a must in your Patient Privacy Intelligence solution. The OCR’s continued HIPAA audits and its issuance of increasingly punitive Resolution Agreements have raised the stakes for care providers.
How do you satisfy OCR HIPAA audit controls?
The HHS offers additional guidance on audit controls and outlines 4 questions Covered Entities and Business Associates should consider:
What audit control mechanisms are reasonable and appropriate to implement so as to record and examine activity in information systems that contain or use ePHI?
What are the audit control capabilities of information systems with ePHI?
Do the audit controls implemented allow the organization to adhere to their audit control policies and procedures?
Are changes or upgrades of an information system’s audit capabilities necessary?
3 Critical Capabilities of a Patient Privacy Intelligence (PPI) Platform:
- High Availability and Scale
- Data Integrity and Governance
- Open Architecture
Finding a Patient Privacy Intelligence (PPI) platform that meets the business and technical demands of modern care providers for regulatory compliance and information security is critical.
Patient Privacy Intelligence is the industry’s next-generation compliance and information security platform. To learn more about Patient Privacy Intelligence download our Whitepaper.