FairWarning Executive Series Webinar

From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits

What should your organization do to prepare for OCR Phase 2 HIPAA audits? This webinar provides guidance from three of the healthcare industry’s leading professionals.

Download the Slides

Executive Summary

What should your organization do to prepare for OCR Phase 2 HIPAA audits? This webinar provides guidance from three of the healthcare industry’s leading professionals.

Carla Wagner is Beacon Health System’s Privacy Officer. In this webinar, Carla provides an interesting perspective: Meeting privacy and compliance challenges with a minimal staff. Carla oversees a one-person privacy office—and she is that one person.

How can just one person possibly assure OCR compliance for a vast healthcare system? With the help of FairWarning’s Managed Privacy Services.

Before FairWarning, Beacon Health was more reactionary than proactive. One incident, for example, was discovered only after a patient filed a complaint (it turned out that an employee had improperly accessed more than 100 records in less than one month!). Carla describes some of the fallout from that incident and explains how FairWarning is helping her organization become more proactive and less reactive.

Carla also discusses the importance and process of creating a central repository for privacy and security investigations and governance activities. She’s using FairWarning to help her accomplish that goal.

Also in this webinar, Attorney Trish Markus helps the audience get up-to-speed with the details of OCR Phase 2 HIPAA Audits. She provides a thorough description of the process through which organizations are selected for audits. (Hint: Failure to respond to survey letters will not prevent organizations from selection for audit, and may garner some very unwanted attention.)

And what if your organization is selected for an OCR audit? Trish walks the audience through a detailed description of the audit process. She discusses guidelines for providing the requested documentation and describes what to do if you don’t have the requested documentation.

Trish provides tips for assuring that the audit process goes as smoothly as possible. And she reveals the areas of focus that will be spotlighted with Phase 2 audits—along with future changes to expect with the OCR’s areas of focus.

Trish also discusses the single organizational failure discovered over and over during audits (continually “astonishing” the OCR) that lead to penalties and settlements. And, perhaps most importantly, Trish provides a detailed action plan for preparing for Phase 2 audits.

Finally, FairWarning’s Director of Managed Privacy Services, Chuck Burbank, shares some of his personal experience in undergoing the audit process. Chuck also describes how FairWarning’s capabilities map to Phase 2 audit protocols, including:

  • Investigations Management

  • Governance Reporting

  • Identity Intelligence

  • Cloud Application Monitoring

  • Real-Time Threat Response

For healthcare security professionals concerned about OCR Phase 2 HIPAA Audits—and that should be every healthcare security professional—this is a must-see webinar.

Trish Markus, Esq.

Attorney at Law
Nelson Mullins Riley & Scarborough LLP