The Importance of HIPAA Audit Controls

February 27, 2017 Christina Lembo

The Importance of HIPAA Audit Controls

What does the HHS, OCR announcement mean to you?

A new precedent was set by our Federal government, specifically by Health and Human Services, Office for Civil Rights (OCR). OCR issued the first of its kind Resolution Agreement highlighting the importance of HIPAA audit controls for care providers.

“$ 5.5 MM HIPAA Settlement Shines Light on the Importance of Audit Controls”

HIPAA Enforcement, HITECH, State Laws are one of the business drivers impacting the increased HIPAA enforcement and associated privacy requirements mandated by HITECH. Core requirements of HIPAA, state and international security frameworks mandate the systematic review of systems which access PHI through the examination of audit trails and related information. FairWarning held an Executive Webinar in June of 2016 in which the Director of OCR Enforcement announced there would be an upcoming emphasis on Audit Controls. From 2008 to 2017 we have seen the number of Resolution Agreements rise, there were a record 13 Resolution Agreements issued in 2016 alone. And, four (4) to date already by mid-February 2017. The graph above depicts the growth in the number of Resolutions Agreements year over year signed by HHS.

Referenceable Ability to Satisfy HIPAA Audits and Attest for MU is a must in your Patient Privacy Intelligence solution. The OCR’s continued HIPAA audits and its issuance of increasingly punitive Resolution Agreements have raised the stakes for care providers.


Patient Privacy Intelligence: The Intersection of Compliance, Legal and Information Security

Examine the critical capabilities that a Patient Privacy Intelligence platform can deliver to meet the business and technical demands of modern care providers for regulatory compliance and information security.

Download Whitepaper

How do you satisfy OCR HIPAA audit controls?

The HHS offers additional guidance on audit controls and outlines 4 questions Covered Entities and Business Associates should consider:

What audit control mechanisms are reasonable and appropriate to implement so as to record and examine activity in information systems that contain or use ePHI?

What are the audit control capabilities of information systems with ePHI?

Do the HIPAA audit controls implemented allow the organization to adhere to their audit control policies and procedures?

Are changes or upgrades of an information system’s audit capabilities necessary?

3 Critical Capabilities of a Patient Privacy Intelligence (PPI) Platform:

  • High Availability and Scale
  • Data Integrity and Governance
  • Open Architecture

Finding a Patient Privacy Intelligence (PPI) platform that meets the business and technical demands of modern care providers for regulatory compliance and information security is critical.

Patient Privacy Intelligence is the industry’s next-generation compliance and information security platform.  To learn more about Patient Privacy Intelligence download our Whitepaper.

Request Whitepaper

Previous Article
User Behavior Analytics
User Behavior Analytics

How proactive is your security team about detecting, investigating, and isolating alerts? Do your current s...

Next Article
Is Your Cloud Vendor Taking Your Security & Compliance Posture Hostage?
Is Your Cloud Vendor Taking Your Security & Compliance Posture Hostage?

Some cloud vendors are charging extremely high fees for basic security features, such as audit logs, as the...