How FairWarning Supports OCR Phase 2 HIPAA Audits

Issue link:

Contents of this Issue


Page 0 of 1

For more information visit: FairWarning Patient Privacy Intelligence and the audits In the 2012 audits, Audit Controls (user activity monitoring) was found to be the #1 deficiency in the first twenty audits, and the number 1 technical security deficiency at the completion of all 115 audits. FairWarning Patient Privacy Intelligence provides an end-to-end solution to organizations to comply with their obligations in the area of Audit Controls. Our solution delivers actionable application security insights on a wide range of areas of user activity from snooping, changes in user behaviors using statistical analysis and trending to security events such as simultaneous log-ins and access after termination. It provides one place to monitor, document reviews, record investigations into suspicious behaviors and provide centralized governance reporting. Verification of Contact Information (underway now) Creation of Audit Candidate Pool Phase 2 Audits - Scheduled to begin in coming months Updated Audit Protocols - OCR issued a new audit protocol in April 2016 Notification - OCR will notify selected Covered Entities in writing (email) they have been selected for an audit. Document Demand - Covered Entities have 10 business days to submit requested information via OCR's secure portal. All documents to be in a digital form. How Phase 2 Audits are to be conducted - Primarily desk audits with all desk audits scheduled to be completed by 12/31/16. After the Phase 2 Audits - Audits are primarily a compliance improvement activity. OCR will review and analyze information from the final reports. The aggregated results of the audits will enable OCR to better understand compliance efforts with particular aspects of the HIPAA Rules. Should an audit report indicate a serious compliance issue, OCR may initiate a compliance review to further investigate. On Monday, March 21, 2016, the Office for Civil Rights (OCR) announced Phase 2 of its HIPAA audits. In the Phase 2 Audit Program, OCR will review the policies and procedures of selected covered entities and business associates to examine compliance with the HIPAA Privacy, Security and Breach Notification Rules. Providers will be asked to identify business associates and it is recommended to have lists and contact information for BAs available. Process and Key Information: For more information, please visit | 727-576-6700 | © Copyright 2004-2016 FairWarning, Inc. | All rights reserved. Various trademarks held by their respective owners. How FairWarning Supports OCR Phase 2 HIPAA Audits

Articles in this issue

Links on this page

Archives of this issue

view archives of Datasheets - How FairWarning Supports OCR Phase 2 HIPAA Audits