On March 21, 2016, OCR Director Jocelyn Samuels announced the launch of the Phase 2 HIPAA Audit Program. The audit was to consist of over 200 desk and on-site audits for both covered entities and business associates to verify if the HIPAA Privacy, Security and Breach Notifications standards and implementations were being met.
User activity monitoring was found to be the No. 1 deficiency during the pilot audits, accounting for nearly one quarter of the issues identified for non-compliance with the HIPAA Security Rule.
FairWarning®’s solutions for patient privacy monitoring maps to 31 key requirements of the OCR Phase 2 HIPAA Audit Protocol requirements and influence many others, which are focused on both the management process and audit controls for applications containing PHI.